SYM_JAVA_0042 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | java |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code enables unsafe TLS renegotiation by setting the JVM system property `sun.security.ssl.allowUnsafeRenegotiation` to `true` (the JDK default is `false`). This weakens the security of encrypted connections and makes them vulnerable to interception.
Impact
Allowing unsafe TLS renegotiation lets attackers inject malicious data into secure connections, potentially leading to man-in-the-middle attacks. Sensitive information could be exposed or tampered with, putting both user data and application integrity at risk.
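The pattern this entry flags, shown next to a startup guard that rejects it; this is an added example, not code from the database entry, and the class and method names (`TlsRenegotiationCheck`, `isUnsafeRenegotiationEnabled`, `assertSecureRenegotiation`) are hypothetical.

```java
import java.util.Locale;

/** Added example (not from the SymbioticSec entry): the flagged setting beside its remediation and a fail-fast check. */
public final class TlsRenegotiationCheck {
    static final String PROP = "sun.security.ssl.allowUnsafeRenegotiation";

    /** Vulnerable pattern described in the entry: re-enables unsafe renegotiation JVM-wide. */
    static void vulnerableConfig() {
        System.setProperty(PROP, "true");
    }

    /** Remediation: do not set the property at all; clearing it restores the secure JDK default (false). */
    static void hardenedConfig() {
        System.clearProperty(PROP);
    }

    /** True when the running JVM has the override enabled, whether set in code or via -D on the command line. */
    static boolean isUnsafeRenegotiationEnabled() {
        String v = System.getProperty(PROP);
        return v != null && v.trim().toLowerCase(Locale.ROOT).equals("true");
    }

    /**
     * Fail-fast guard (hypothetical helper). The JDK reads this property once when its TLS classes
     * initialise, so run the guard at startup, before the first TLS connection, where clearing the
     * override still has effect.
     */
    static void assertSecureRenegotiation() {
        if (isUnsafeRenegotiationEnabled()) {
            throw new IllegalStateException(PROP + "=true weakens TLS (CWE-319); remove the override");
        }
    }

    public static void main(String[] args) {
        vulnerableConfig();
        System.out.println("after vulnerableConfig: enabled=" + isUnsafeRenegotiationEnabled());
        hardenedConfig();
        System.out.println("after hardenedConfig:   enabled=" + isUnsafeRenegotiationEnabled());
        assertSecureRenegotiation(); // passes once the override is gone
    }
}
```

Because the property can also arrive as `-Dsun.security.ssl.allowUnsafeRenegotiation=true` on the launch command line, the guard is worth keeping even after the `System.setProperty` call is removed from the code.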