DerScanner
Home / Vulnerability Database / Python : Unsafe SSL configuration
Python

Python : Unsafe SSL configuration

Classification

OWASP Top 10 2013
A6-Sensitive Data Exposure
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure DesignA8-Software and Data Integrity Failures
OWASP MASVS
V5: 5.2.(L1/L2/L1+R/L2+R)
OWASP ASVS
CommunicationCommunicationStored Cryptography
PCI DSS 4.0
2.2.54.2.16.2.4
HIPAA
§164.312 (e)(1)
CWE
CWE-345CWE-656CWE-1032

Overview

SSL connection uses insecure settings. The established connection is insecure and can cause a compromise of valuable data.

In python applications constants that denote the protocol version is used to set the parameters of SSL connection. Many versions suits are insecure or obsolete. Some secure protocol versions:

  • PROTOCOL_TLSv1_2
  • PROTOCOL_TLSv1_1

References

  1. Security considerations
  2. Which Cipher Suites to enable for SSL Socket? - stackoverflow.com
  3. OWASP Top 10 2017-A3-Sensitive Data Exposure
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
MEDIUM

DerScanner Severity Score

Do you want to fix Python : Unsafe SSL configuration in your application?

See also

Python

Python : Debug mode on

Python

Python : Web3: Deprecated method

Python

Python : Unsafe padding