SYM_RS_0005 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Certificate Validation
| Property | Value |
| --- | --- |
| Language | |
| Severity | |
| CWE | CWE-295: Improper Certificate Validation |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code configures the reqwest HTTP client to accept invalid TLS certificates or hostnames, effectively disabling secure server identity verification. This allows connections to potentially untrusted or malicious servers.
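A check for the pattern described above, added here as an example and not the rule's own implementation: a std-only Rust scanner that reports reqwest's `danger_accept_invalid_certs` and `danger_accept_invalid_hostnames` builder calls unless the argument is the literal `false`. The sample source, the name `find_disabled_verification` and the line-based matching are assumptions of this example.

```rust
// Added example: std-only scanner for the reqwest settings this rule describes.
const RISKY: [&str; 2] = ["danger_accept_invalid_certs", "danger_accept_invalid_hostnames"];

/// Constructed sample input: one insecure builder, one that keeps verification on.
const SAMPLE: &str = r#"
fn insecure() -> reqwest::Result<reqwest::Client> {
    reqwest::Client::builder()
        .danger_accept_invalid_certs(true) // flagged
        .danger_accept_invalid_hostnames( true ) // flagged
        .build()
}
fn hardened(ca: reqwest::Certificate) -> reqwest::Result<reqwest::Client> {
    // .danger_accept_invalid_certs(true) was removed; trust the private CA instead
    reqwest::Client::builder()
        .add_root_certificate(ca)
        .danger_accept_invalid_certs(false)
        .build()
}
"#;

/// Returns (line number, method name) for each call that disables verification.
pub fn find_disabled_verification(src: &str) -> Vec<(usize, &'static str)> {
    let mut hits = Vec::new();
    for (idx, raw) in src.lines().enumerate() {
        // Simplification: drop everything after `//` so commented-out code is not reported.
        let code = raw.split("//").next().unwrap_or("");
        for name in RISKY {
            let mut rest = code;
            while let Some(pos) = rest.find(name) {
                rest = &rest[pos + name.len()..];
                // Argument text between the parentheses that follow the method name.
                let arg = rest.trim_start().strip_prefix('(')
                    .and_then(|a| a.split(')').next())
                    .map(str::trim);
                // A literal `false` keeps verification on; anything else needs review.
                if matches!(arg, Some(a) if a != "false") {
                    hits.push((idx + 1, name));
                }
            }
        }
    }
    hits
}

fn main() {
    for (line, name) in find_disabled_verification(SAMPLE) {
        println!("line {line}: {name} disables TLS server verification");
    }
}
```

A non-literal argument such as a config flag is reported as well, since whether verification stays on then depends on runtime input.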
Impact
Attackers could intercept or manipulate data exchanged with external services, perform man-in-the-middle attacks, or impersonate trusted servers. This can lead to data leakage, credential theft, or compromise of sensitive application functionality.