SYM_GO_0039 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Low |
| Likelihood Level | Medium |
Description
The TLS configuration is missing a minimum protocol version, which means the server or client may allow insecure, outdated versions like TLS 1.0 or 1.2. This leaves encrypted connections vulnerable to known attacks on older TLS protocols.
Impact
If exploited, attackers could intercept or manipulate sensitive data by exploiting weaknesses in outdated TLS versions. This can lead to data breaches, loss of confidentiality or integrity, and failure to comply with security standards.