SYM_PY_0033 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-326: Inadequate Encryption Strength |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
Using 'ssl.wrap_socket()' creates an insecure SSL/TLS connection because it does not support critical security features like server name indication and hostname verification. This makes the encrypted connection vulnerable to interception or impersonation.
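The pattern described above, as an added example that is not part of the original wiki page: a small AST check that flags calls to the module-level 'ssl.wrap_socket()' (including aliased imports) without flagging 'SSLContext.wrap_socket()', followed by a hardened replacement that enables certificate and hostname verification and sends SNI. The names `LEGACY_SOURCE`, `find_wrap_socket_calls`, `client_context` and `connect_tls` are hypothetical, and the sample source is constructed.

```python
import ast
import socket
import ssl

# Constructed sample input: the legacy pattern this rule flags, in two spellings.
LEGACY_SOURCE = '''\
import socket, ssl
from ssl import wrap_socket as ws

raw = socket.create_connection(("example.com", 443))
tls = ssl.wrap_socket(raw)        # no SNI, no hostname check
tls2 = ws(raw)                    # same call through an alias
'''

def find_wrap_socket_calls(source):
    """Return sorted line numbers of calls to the module-level ssl.wrap_socket()."""
    tree = ast.parse(source)
    modules, funcs = set(), set()   # local names bound to ssl / ssl.wrap_socket
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules |= {a.asname or a.name for a in node.names if a.name == "ssl"}
        elif isinstance(node, ast.ImportFrom) and node.module == "ssl":
            funcs |= {a.asname or a.name for a in node.names
                      if a.name == "wrap_socket"}
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Name) and f.id in funcs:
            hits.append(node.lineno)
        elif (isinstance(f, ast.Attribute) and f.attr == "wrap_socket"
              and isinstance(f.value, ast.Name) and f.value.id in modules):
            hits.append(node.lineno)   # ssl.wrap_socket(...), not ctx.wrap_socket(...)
    return sorted(hits)

def client_context():
    """Client context that verifies the certificate chain and the hostname."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def connect_tls(host, port=443, timeout=10):
    """Hardened replacement: server_hostname drives both SNI and the hostname check."""
    raw = socket.create_connection((host, port), timeout=timeout)
    return client_context().wrap_socket(raw, server_hostname=host)
```
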
Impact
If exploited, attackers could perform man-in-the-middle attacks to intercept or alter sensitive data transmitted over the connection, potentially exposing credentials, personal information, or other confidential data and undermining trust in the application's security.