SYM_GEN_0057 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
Property | Value |
---|---|
Language | generic |
Severity | |
CWE | CWE-326: Inadequate Encryption Strength |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
The server configuration is missing the 'ssl_protocols' directive, so the server falls back to its default protocol set, which may include outdated and insecure TLS versions (like TLSv1 and TLSv1.1). Traffic negotiated over those versions is exposed to their known vulnerabilities.
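The check below is an added example, not part of the Symbiotic rule or its source. It assumes nginx syntax (where `ssl_protocols` is a directive), and the sample configs, host name and file paths are constructed. Beyond the missing-directive case described above, it also flags a directive that explicitly lists legacy versions.

```python
import re

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample nginx configs (hypothetical host and paths, not from the page).
TEMPLATE = """
server {{
    listen 443 ssl;
    server_name example.test;
    ssl_certificate     /etc/nginx/tls/example.crt;
    ssl_certificate_key /etc/nginx/tls/example.key;
    {line}
}}
"""
MISSING = TEMPLATE.format(line="# ssl_protocols TLSv1.2 TLSv1.3;  (commented out)")
WEAK = TEMPLATE.format(line="ssl_protocols TLSv1 TLSv1.1 TLSv1.2;")
HARDENED = TEMPLATE.format(line="ssl_protocols TLSv1.2 TLSv1.3;")


def audit(conf: str) -> list[str]:
    """Return findings for one config text. Simplified: include files are not
    followed and '#' inside quoted strings is treated as a comment start."""
    text = re.sub(r"#[^\n]*", "", conf)  # a commented-out directive has no effect
    findings = []
    uses_tls = re.search(r"\blisten\b[^;]*\bssl\b", text) is not None
    directives = re.findall(r"\bssl_protocols\s+([^;]+);", text)
    if uses_tls and not directives:
        # The condition this rule reports: the server default picks the versions.
        findings.append("ssl_protocols missing on a TLS listener")
    for args in directives:
        legacy = sorted(LEGACY & set(args.split()))
        if legacy:
            findings.append("legacy protocols enabled: " + " ".join(legacy))
    return findings


if __name__ == "__main__":
    for name, conf in (("missing", MISSING), ("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```

Because `ssl_protocols` can be inherited from an enclosing `http` block, run the check over the fully assembled configuration rather than a single included file.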
Impact
Attackers could exploit weak encryption protocols to intercept or decrypt sensitive data transmitted between clients and the server. This can lead to data breaches, credential theft, or unauthorized access to confidential information.