SYM_CONF_0061 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The PostgreSQL server is configured to allow outdated TLS versions (1.0, 1.1, or 1.2), which do not provide the strongest encryption available. This increases the risk of data exposure during transmission.
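An added example, not part of the original page or of the Symbiotic rule itself: a Python check for this finding, assuming the TLS floor is set through `ssl_min_protocol_version` in `postgresql.conf`. The function names and the sample configurations are constructed for illustration, and `include` directives are not followed.

```python
import re

# Values accepted by ssl_min_protocol_version, weakest first.
TLS_ORDER = ["tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"]
REQUIRED = "tlsv1.3"  # the finding above treats 1.0, 1.1 and 1.2 as too weak

# postgresql.conf line: name [=] value, value quoted or bare, '#' starts a comment.
LINE_RE = re.compile(
    r"^\s*([A-Za-z_][\w.]*)\s*=?\s*"
    r"(?:'((?:[^']|'')*)'|([^\s#']+))?\s*(?:#.*)?$"
)

def parse_conf(text):
    """Return {name: value}; names are case-insensitive, last assignment wins."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            value = m.group(2) if m.group(2) is not None else (m.group(3) or "")
            settings[m.group(1).lower()] = value.replace("''", "'")
    return settings

def check_tls(text):
    """Return findings for the TLS floor; an empty list means compliant."""
    conf = parse_conf(text)
    findings = []
    # Common boolean spellings only; without ssl the floor has no effect.
    if conf.get("ssl", "off").lower() not in ("on", "true", "yes", "1"):
        findings.append("ssl is not enabled")
    floor = conf.get("ssl_min_protocol_version")
    if floor is None:
        findings.append("ssl_min_protocol_version is unset, so the server "
                        "default (below TLSv1.3) applies")
    elif floor.lower() not in TLS_ORDER:
        findings.append(f"unrecognised ssl_min_protocol_version: {floor!r}")
    elif TLS_ORDER.index(floor.lower()) < TLS_ORDER.index(REQUIRED):
        findings.append(f"ssl_min_protocol_version = {floor} allows TLS below 1.3")
    return findings

# Constructed sample configurations (not taken from any real server).
WEAK = """ssl = on
ssl_min_protocol_version = 'TLSv1.3'
SSL_MIN_PROTOCOL_VERSION = 'TLSv1.2'   # later duplicate wins
"""
HARDENED = "ssl = on\nssl_min_protocol_version = 'TLSv1.3'\n"
UNSET = "ssl = on\n#ssl_min_protocol_version = 'TLSv1.3'\n"

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED), ("UNSET", UNSET)):
        print(name, check_tls(sample) or "compliant")
```

The `WEAK` sample shows why the last assignment has to be the one evaluated: an earlier compliant line is overridden by a later, weaker duplicate.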
Impact
Attackers may exploit weaker TLS protocols to intercept or tamper with sensitive data sent between clients and the database. This could lead to data breaches, credential theft, or unauthorized access to confidential information.