Weak TLS

If the in-transit data is sent in plaintext or via a deprecated encryption protocol, an adversary listening on the wire can intercept and modify it. This can lead to theft of sensitive information, identity theft, and other malicious activities.

Remediation

Always use strong encryption protocols like TLS 1.2 or higher to secure data transmission.
Disable support for deprecated encryption protocols, such as SSL and early versions of TLS.
Validate SSL/TLS certificates to prevent man-in-the-middle (MITM) attacks by untrusted or fake certificates.
Implement certificate pinning to ensure communication occurs only with trusted servers.
Encrypt sensitive data at the application level before transmission for an added layer of protection.

Metadata

Severity: medium
Slug: weak-tls

OWASP

M5:2024: Insecure Communication

Available Labs

Open Java labs in SecDim Play for this vulnerability.

easy

SSL.android

Java Easy Android Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.