SYM_RS_0002 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Improper Certificate Validation

| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-295: Improper Certificate Validation |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
## Description

Disabling SSL certificate verification (setting SSL_VERIFY_NONE) means the application accepts any server certificate, including an invalid or attacker-controlled one. The connection is still encrypted, but the identity of the peer is never checked, which defeats the purpose of the encryption.
## Impact

An attacker positioned between the client and the server can present their own certificate, which the application accepts, and then read or alter the traffic (a man-in-the-middle, MitM, attack). This can lead to credential theft, data leakage, or injection of malicious content, exposing users and the organization to serious security risks.
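As an added illustration (not code from this database entry), the following Ruby script shows the flaw and its fix side by side using Ruby's OpenSSL binding, where SSL_VERIFY_NONE is `OpenSSL::SSL::VERIFY_NONE`. A throwaway self-signed certificate (constructed in-process, hypothetical CN `untrusted.example`) stands in for a certificate no trust store would accept; a client with `VERIFY_NONE` completes the handshake with it, while a client with `VERIFY_PEER` and the system trust store refuses.

```ruby
require "openssl"
require "socket"

# Constructed throwaway self-signed certificate (hypothetical CN) standing in
# for a certificate no trust store would accept, e.g. one a MitM would present.
def make_self_signed_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=untrusted.example")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Loopback TLS server presenting that certificate; returns its ephemeral port.
def start_tls_server(cert, key)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = cert
  ctx.key = key
  tcp = TCPServer.new("127.0.0.1", 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, ctx)
  Thread.new do
    loop do
      server.accept.close
    rescue StandardError
      # a verifying client aborts the handshake mid-accept; keep serving
    end
  end
  tcp.addr[1]
end

# Client handshake under the given verify mode: VERIFY_NONE (the flaw) or
# VERIFY_PEER against the system trust store (the fix). Returns :accepted or :rejected.
def connect_with_verify_mode(port, verify_mode)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = verify_mode
  ctx.cert_store = OpenSSL::X509::Store.new.tap(&:set_default_paths)
  sock = TCPSocket.new("127.0.0.1", port)
  ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
  ssl.connect # raises OpenSSL::SSL::SSLError when verification fails
  ssl.close
  :accepted
rescue OpenSSL::SSL::SSLError
  :rejected
ensure
  sock&.close
end
```

Calling `start_tls_server` with the generated certificate and then `connect_with_verify_mode` for each mode returns `:accepted` for `OpenSSL::SSL::VERIFY_NONE` and `:rejected` for `OpenSSL::SSL::VERIFY_PEER`, which is the check a code review or test suite should enforce.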