SYM_JSTS_0149 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The code configures the database connection to use outdated TLS versions (1.0 or 1.1), which are no longer considered secure. This weakens the encryption used for data sent between your app and the database.
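The pattern described above, as an added example that is not part of the rule's own code: a check that reports which TLS options in a database connection config allow TLS 1.0 or 1.1, and a helper that returns a config requiring TLS 1.2 or newer. The function names and sample configs are hypothetical, and it assumes the driver accepts an `ssl` object whose fields are Node `tls` options (the page does not name a driver).

```javascript
// Added example. Assumption: the driver hands `ssl` to Node's tls module, so the
// option names are Node's own: minVersion, maxVersion, secureProtocol.

// Node tls values that select TLS 1.0 or 1.1, the versions this rule flags.
const DEPRECATED_VERSIONS = new Set(['TLSv1', 'TLSv1.1']);
// OpenSSL method names that pin the connection to TLS 1.0 or 1.1.
const DEPRECATED_METHOD = /^TLSv1(_1)?(_client|_server)?_method$/;

// Return the names of the ssl options that allow or force TLS 1.0/1.1.
function findWeakTlsOptions(dbConfig) {
  const ssl = dbConfig && dbConfig.ssl;
  if (ssl === null || typeof ssl !== 'object') return []; // no explicit version options
  const weak = [];
  if (DEPRECATED_VERSIONS.has(ssl.minVersion)) weak.push('minVersion');
  if (DEPRECATED_VERSIONS.has(ssl.maxVersion)) weak.push('maxVersion');
  if (DEPRECATED_METHOD.test(String(ssl.secureProtocol || ''))) weak.push('secureProtocol');
  return weak;
}

// Return a copy of the config whose ssl block negotiates TLS 1.2 or newer.
function hardenTlsOptions(dbConfig) {
  const ssl = { ...dbConfig.ssl };
  // Node rejects secureProtocol combined with minVersion/maxVersion, so drop it.
  delete ssl.secureProtocol;
  // A deprecated ceiling would conflict with the new floor; remove it.
  if (DEPRECATED_VERSIONS.has(ssl.maxVersion)) delete ssl.maxVersion;
  ssl.minVersion = 'TLSv1.2';
  return { ...dbConfig, ssl };
}

// Constructed sample configs (the hostname is a placeholder).
const weakConfig = {
  host: 'db.example.internal',
  ssl: { minVersion: 'TLSv1', rejectUnauthorized: true },
};
const legacyConfig = {
  host: 'db.example.internal',
  ssl: { secureProtocol: 'TLSv1_1_method' },
};

console.log(findWeakTlsOptions(weakConfig));
console.log(findWeakTlsOptions(legacyConfig));
console.log(hardenTlsOptions(legacyConfig).ssl);
```

The hardened copy keeps unrelated settings such as `rejectUnauthorized`, so certificate verification is not silently changed while the protocol floor is raised.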
Impact
Using deprecated TLS versions makes it easier for attackers to intercept or tamper with sensitive data, potentially exposing user information or credentials. This can lead to data breaches and compliance violations, and can undermine the security of your application.