SYM_PY_0021 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Certificate Validation
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-295: Improper Certificate Validation |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code creates an SSL context that skips certificate verification, allowing connections to servers without checking their identity. This makes the connection susceptible to man-in-the-middle attacks.
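An added example, not part of the wiki page or the Symbiotic rule itself: it assumes Python's standard `ssl` module (the page does not name the call), audits a live context, and scans source text for the constructs that turn verification off. `audit_context`, `scan_source` and `SAMPLE` are hypothetical names, and the sample source is constructed.

```python
import ast
import ssl

def audit_context(ctx):
    """Return the verification weaknesses of a live SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    return findings

def scan_source(source):
    """Flag lines that disable verification (hypothetical checker, not the project's rule)."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            if node.func.attr == "_create_unverified_context":
                hits.append((node.lineno, "unverified context"))
        elif isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Attribute):
            attr, val = node.targets[0].attr, node.value
            if attr == "verify_mode" and isinstance(val, ast.Attribute) and val.attr == "CERT_NONE":
                hits.append((node.lineno, "verify_mode = CERT_NONE"))
            elif attr == "check_hostname" and isinstance(val, ast.Constant) and val.value is False:
                hits.append((node.lineno, "check_hostname = False"))
    return sorted(hits)

# Constructed sample input: two ways of disabling verification, one safe form.
# check_hostname is cleared first because ssl raises ValueError if verify_mode
# is set to CERT_NONE while hostname checking is still enabled.
SAMPLE = '''\
import ssl
a = ssl._create_unverified_context()
b = ssl.create_default_context()
b.check_hostname = False
b.verify_mode = ssl.CERT_NONE
c = ssl.create_default_context()
'''

insecure = ssl._create_unverified_context()  # the pattern described above
secure = ssl.create_default_context()        # CERT_REQUIRED plus hostname check

if __name__ == "__main__":
    print("insecure:", audit_context(insecure))
    print("secure:  ", audit_context(secure))
    for lineno, msg in scan_source(SAMPLE):
        print(f"line {lineno}: {msg}")
```

The fix is to build the context with `ssl.create_default_context()` and, for a private CA, pass its bundle through the `cafile` argument instead of switching verification off.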
Impact
If exploited, attackers could intercept or alter sensitive data transmitted over supposedly secure connections, potentially leading to data breaches, credential theft, or loss of integrity and confidentiality for users and the application.