SYM_CONF_0138 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The SSL policy for your Google Cloud load balancer allows weak or outdated cipher suites or TLS versions, which do not provide strong encryption for data in transit. This configuration can expose sensitive data to interception or tampering.
Impact
If weak SSL/TLS settings are used, attackers could decrypt or manipulate traffic between users and your services, leading to data breaches, credential theft, or unauthorized access. This weakens the overall security of your application and may violate compliance requirements.