SYM_CONF_0070 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The MSSQL server is configured to use outdated TLS versions (1.0 or 1.1), which have known security weaknesses and do not provide strong encryption. This leaves data in transit vulnerable to interception and unauthorized access.
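One way to check infrastructure code for this setting, as an added example that is not part of the original page or of the rule's own implementation. It assumes the server is declared as a Terraform `azurerm_mssql_server` resource whose `minimum_tls_version` attribute sets the lowest accepted TLS version (the page does not name a configuration format); the function names and the sample configuration are constructed for illustration.

```python
import re

WEAK_TLS = {"1.0", "1.1"}  # the versions the description calls outdated

# Assumption: the server is a Terraform azurerm_mssql_server resource.
RESOURCE_RE = re.compile(r'resource\s+"azurerm_mssql_server"\s+"([^"]+)"\s*\{')
# Anchored to line start so commented-out attributes are ignored.
TLS_RE = re.compile(r'^\s*minimum_tls_version\s*=\s*"([^"]*)"', re.MULTILINE)

def block_body(text, start):
    """Return the block body beginning at `start`, just past its opening brace."""
    depth = 1
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError("unbalanced braces in resource block")

def find_weak_tls(hcl):
    """Return [(resource_name, version)] for servers pinned to TLS 1.0 or 1.1."""
    findings = []
    for m in RESOURCE_RE.finditer(hcl):
        tls = TLS_RE.search(block_body(hcl, m.end()))
        if tls and tls.group(1) in WEAK_TLS:
            findings.append((m.group(1), tls.group(1)))
    return findings

# Constructed sample configuration: one weak server, one corrected server.
SAMPLE = '''
resource "azurerm_mssql_server" "legacy" {
  name                = "example-legacy-sql"
  minimum_tls_version = "1.0"
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_mssql_server" "hardened" {
  name                = "example-hardened-sql"
  minimum_tls_version = "1.2"
}
'''

if __name__ == "__main__":
    for name, version in find_weak_tls(SAMPLE):
        print(f"azurerm_mssql_server.{name}: minimum_tls_version {version} is below 1.2")
```

The brace matching is deliberately simple and does not account for braces inside quoted strings or heredocs, so treat it as a pre-commit style check rather than a full HCL parser.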
Impact
Using weak TLS versions allows attackers to exploit known cryptographic flaws, potentially intercepting or manipulating sensitive data sent between applications and the database. This can lead to data breaches, loss of confidentiality, and non-compliance with security standards or regulations.