SYM_CONF_0096 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The web app is configured to use an outdated TLS version (1.0 or 1.1), which lacks modern security protections. This makes encrypted connections to your app vulnerable to known attacks.
Impact
Attackers could exploit weaknesses in old TLS versions to intercept or manipulate sensitive data in transit, potentially exposing user information or credentials. This compromises the confidentiality and integrity of your application's communications and may violate compliance requirements.