DerScanner
Home / Vulnerability Database / Perl : Unsafe SSL configuration
Perl

Perl : Unsafe SSL configuration

Classification

OWASP Top 10 2013
A6-Sensitive Data Exposure
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure DesignA8-Software and Data Integrity Failures
OWASP MASVS
V5: 5.2.(L1/L2/L1+R/L2+R)
OWASP ASVS
CommunicationCommunicationStored Cryptography
PCI DSS 4.0
2.2.54.2.16.2.4
HIPAA
§164.312 (e)(1)
CWE
CWE-345CWE-656CWE-1032

Overview

SSL connection uses insecure settings. The established connection is insecure and can cause a compromise of valuable data.

Many versions suits are insecure or obsolete. Some secure protocol versions:

  • TLSv12
  • TLSv11

References

  1. IO::Socket::SSL - Common Usage Errors
  2. Which Cipher Suites to enable for SSL Socket? - stackoverflow.com
  3. OWASP Top 10 2017-A3-Sensitive Data Exposure
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
MEDIUM

DerScanner Severity Score

Do you want to fix Perl : Unsafe SSL configuration in your application?

See also

Perl

Perl : Empty encryption key

Perl

Perl : Undocumented feature: special account

Perl

Perl : Undocumented feature: time bomb