SYM_RS_0008 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Certificate Validation
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-295: Improper Certificate Validation |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code configures a TLS client with dangerous settings that bypass or replace standard certificate verification. This can disable critical SSL/TLS checks, leaving connections insecure.
Impact
If exploited, attackers could intercept or manipulate encrypted traffic using man-in-the-middle attacks, potentially exposing sensitive data or allowing session hijacking. This compromises the confidentiality and integrity of client-server communications.
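
The pattern described above, shown as an added example that is not part of the original wiki entry or the rule's own code. The entry does not name a language, so Python's standard `ssl` module is used as an assumption; the function names are hypothetical, and only the "bypass" case is covered. The flagged client configuration sits beside the corrected one, with a small audit helper a reviewer could run against any `SSLContext` before it is used.

```python
import ssl
from typing import List, Optional


def insecure_client_context() -> ssl.SSLContext:
    """Flagged pattern: standard certificate verification is switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname has to be cleared first, otherwise CERT_NONE is rejected.
    ctx.check_hostname = False
    # Any certificate is now accepted, including one presented by an interceptor.
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Corrected pattern: keep the library defaults.

    A private CA is trusted by passing its bundle as `cafile`,
    not by turning verification off.
    """
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return one finding per disabled check; an empty list means both are on."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is disabled: name is not matched to the server")
    return findings


if __name__ == "__main__":
    for name, build in (("insecure", insecure_client_context),
                        ("hardened", hardened_client_context)):
        issues = audit_client_context(build())
        print(name, "->", issues or "no findings")
```

Disabling only the hostname check still produces a finding, since a certificate that chains to a trusted CA but was issued for a different name would otherwise be accepted.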