SYM_CONF_0144 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Google Cloud Load Balancer is configured to allow outdated versions of TLS, rather than enforcing at least TLS 1.2. This weakens the security of encrypted connections to your services.
Impact
Allowing insecure TLS versions exposes data in transit to interception or tampering by attackers, potentially leading to sensitive information leaks or man-in-the-middle attacks against users of your application.