SYM_PY_0043 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Certificate Validation
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-295: Improper Certificate Validation |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Using HTTPSConnection in Python without proper SSL certificate verification can expose your application to insecure connections, especially in older Python versions where certificates are not checked by default. This makes it easier for attackers to intercept or tamper with sensitive data during transmission.
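The weak setting beside the corrected one, as an added example that is not part of this wiki entry or the project's own code. The function names (`insecure_context`, `verified_context`, `context_problems`, `open_connection`) are hypothetical, and `example.com` is a placeholder host that is never contacted.

```python
import http.client
import ssl


def insecure_context() -> ssl.SSLContext:
    """The weak setting: certificate and hostname checks switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be disabled before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted, so the peer is unauthenticated
    return ctx


def verified_context() -> ssl.SSLContext:
    """The corrected setting: system trust store, chain and hostname verified."""
    return ssl.create_default_context()


def context_problems(ctx: ssl.SSLContext) -> list:
    """Return the reasons a context would fail to authenticate the server."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("verify_mode is not CERT_REQUIRED")
    if not ctx.check_hostname:
        problems.append("check_hostname is disabled")
    return problems


def open_connection(host: str, port: int = 443, context=None) -> http.client.HTTPSConnection:
    """Build an HTTPSConnection, refusing any context that does not verify the server."""
    ctx = context if context is not None else verified_context()
    problems = context_problems(ctx)
    if problems:
        raise ValueError("refusing TLS context: " + "; ".join(problems))
    # Passing the context explicitly avoids relying on version-dependent defaults.
    # No network traffic happens here; the socket opens on the first request.
    return http.client.HTTPSConnection(host, port, context=ctx, timeout=10)


if __name__ == "__main__":
    print(context_problems(insecure_context()))
    print(context_problems(verified_context()))
    conn = open_connection("example.com")  # placeholder host, never contacted
    print(type(conn).__name__, conn.host, conn.port)
```

`context_problems` can also be called on a context handed in by other code before it reaches `HTTPSConnection`, which makes a disabled check visible at startup instead of silently accepted.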
Impact
If SSL certificates are not verified, attackers could perform man-in-the-middle attacks, intercepting or altering confidential data such as login credentials or personal information. This could lead to data breaches, loss of user trust, and potential legal or compliance issues for your organization.