SYM_PY_0034 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-326: Inadequate Encryption Strength |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code uses outdated or insecure SSL/TLS versions (such as SSLv2, SSLv3, TLSv1.0, or TLSv1.1) for secure connections. These protocols are deprecated and contain known vulnerabilities that make encrypted communications unsafe.
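The pattern described above, shown next to a hardened configuration and a small static check that tells them apart. This is an added example, not code from the Symbiotic rule or its implementation; Python is assumed from the `PY` in the rule ID, and `find_weak_tls` and `SAMPLE` are hypothetical names with constructed input.

```python
import ast

# ssl module constants that pin a context to a deprecated protocol.
DEPRECATED_PROTOCOLS = {
    "PROTOCOL_SSLv2", "PROTOCOL_SSLv3", "PROTOCOL_TLSv1", "PROTOCOL_TLSv1_1",
}
# ssl.TLSVersion members that name a deprecated protocol version.
DEPRECATED_VERSIONS = {"SSLv3", "TLSv1", "TLSv1_1"}

# Constructed sample: two weak configurations and one hardened one.
SAMPLE = '''\
import ssl

# Weak: pins the connection to TLS 1.0
weak = ssl.SSLContext(ssl.PROTOCOL_TLSv1)

# Weak: negotiates the version, but still allows TLS 1.1
legacy = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
legacy.minimum_version = ssl.TLSVersion.TLSv1_1

# Hardened: certificate checks on, nothing below TLS 1.2
strong = ssl.create_default_context()
strong.minimum_version = ssl.TLSVersion.TLSv1_2
'''


def find_weak_tls(source):
    """Return sorted (line, name) pairs for deprecated SSL/TLS selections."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute):      # ssl.PROTOCOL_TLSv1
            name, base = node.attr, node.value
        elif isinstance(node, ast.Name):         # from ssl import PROTOCOL_TLSv1
            name, base = node.id, None
        else:
            continue
        # Name of the object the attribute is read from, if any.
        owner = getattr(base, "attr", getattr(base, "id", None))
        if name in DEPRECATED_PROTOCOLS:
            findings.append((node.lineno, name))
        elif name in DEPRECATED_VERSIONS and owner == "TLSVersion":
            findings.append((node.lineno, "TLSVersion." + name))
    return sorted(findings)


if __name__ == "__main__":
    for line, name in find_weak_tls(SAMPLE):
        print(f"line {line}: deprecated protocol selected via {name}")
```

The check parses the source without importing or executing it, so it can be run over a code base in CI without opening any connections.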
Impact
Attackers could exploit weaknesses in these old protocols to intercept or manipulate sensitive data, perform man-in-the-middle attacks, or decrypt confidential information. This can lead to data breaches, loss of user trust, and regulatory compliance violations.