SYM_JAVA_0030 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-326: Inadequate Encryption Strength |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Using DefaultHttpClient is insecure because it is deprecated and does not support modern TLS 1.2 encryption. This means data sent over the network may not be properly protected.
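The flagged pattern next to a builder-based replacement, as an added example that is not part of the original rule page or the Symbiotic database. It assumes Apache HttpClient 4.5.x on Java 11 or later; the class name `TlsClientExample`, the method names and the URL are hypothetical.

```java
import java.io.IOException;
import javax.net.ssl.SSLContext;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContexts;

public class TlsClientExample {

    // Flagged pattern: the deprecated client this rule reports.
    @SuppressWarnings("deprecation")
    static HttpClient flagged() {
        return new DefaultHttpClient();
    }

    // Replacement: a builder-based client whose socket factory offers
    // only the listed protocol versions and verifies hostnames.
    static CloseableHttpClient hardened() {
        SSLContext ctx = SSLContexts.createDefault();
        SSLConnectionSocketFactory tls = new SSLConnectionSocketFactory(
                ctx,
                // Allowed protocols; "TLSv1.3" assumes a JVM that supports it.
                new String[] {"TLSv1.2", "TLSv1.3"},
                null, // null keeps the JVM's default cipher suites
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        return HttpClientBuilder.create()
                .setSSLSocketFactory(tls)
                .build();
    }

    public static void main(String[] args) throws IOException {
        // Placeholder URL (assumption); pass your own endpoint as args[0].
        String url = args.length > 0 ? args[0] : "https://example.com/";
        try (CloseableHttpClient client = hardened();
             CloseableHttpResponse resp = client.execute(new HttpGet(url))) {
            // A server that negotiates nothing in the allowed list fails
            // the handshake with an SSLException instead of downgrading.
            System.out.println(resp.getStatusLine());
        }
    }
}
```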
Impact
Attackers could intercept or tamper with sensitive information transmitted by your application, leading to data leaks or man-in-the-middle attacks. This can result in exposure of user credentials or other confidential data.