AWS Insecure Protocols
Description
Detects CloudFront distributions that allow insecure SSL/TLS protocol versions, which could expose the content delivery to security vulnerabilities. This includes checking both viewer-facing HTTPS connections and origin server connections for outdated or insecure protocol versions.
Detection Strategy
• Reports a vulnerability when a CloudFront distribution's viewer certificate uses outdated TLS protocol versions (like TLSv1.0 or TLSv1.1)
• Identifies distributions where origin server connections allow insecure SSL/TLS protocols in the OriginSslProtocols configuration
• Scans all CloudFront distributions in the account and evaluates each distribution's protocol settings against security best practices
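The two checks above can be expressed as a small evaluator. This is an added example, not the scanner's own code. It assumes input shaped like the `DistributionConfig` document returned by the CloudFront API, and the sets of values treated as insecure are assumptions chosen for illustration. The function names and sample distributions are constructed.

```python
# Values treated as insecure here are an assumption, not the scanner's rule set.
INSECURE_VIEWER_POLICIES = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}
INSECURE_ORIGIN_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def find_insecure_protocols(dist_id, config):
    """Return (distribution id, location, offending value) findings."""
    findings = []
    # Viewer side: the security policy sets the minimum TLS version for viewers.
    policy = config.get("ViewerCertificate", {}).get("MinimumProtocolVersion")
    if policy in INSECURE_VIEWER_POLICIES:
        findings.append((dist_id, "ViewerCertificate.MinimumProtocolVersion", policy))
    # Origin side: only custom origins carry OriginSslProtocols; S3 origins do not.
    for origin in config.get("Origins", {}).get("Items", []):
        custom = origin.get("CustomOriginConfig")
        if not custom:
            continue
        allowed = custom.get("OriginSslProtocols", {}).get("Items", [])
        weak = sorted(INSECURE_ORIGIN_PROTOCOLS.intersection(allowed))
        if weak:
            location = f"Origins[{origin.get('Id')}].OriginSslProtocols"
            findings.append((dist_id, location, ",".join(weak)))
    return findings


def scan(distributions):
    """Evaluate every distribution config and collect all findings."""
    results = []
    for dist_id, config in distributions.items():
        results.extend(find_insecure_protocols(dist_id, config))
    return results


# Constructed sample configs (not real distributions).
SAMPLE_DISTRIBUTIONS = {
    "EXAMPLEWEAK": {
        "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1.1_2016"},
        "Origins": {"Items": [
            {"Id": "legacy-api", "CustomOriginConfig": {
                "OriginProtocolPolicy": "https-only",
                "OriginSslProtocols": {"Items": ["TLSv1", "TLSv1.1", "TLSv1.2"]}}},
            {"Id": "static-bucket", "S3OriginConfig": {"OriginAccessIdentity": ""}},
        ]},
    },
    "EXAMPLEOK": {
        "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1.2_2021"},
        "Origins": {"Items": [
            {"Id": "api", "CustomOriginConfig": {
                "OriginSslProtocols": {"Items": ["TLSv1.2"]}}},
        ]},
    },
}
```

The remediation for each finding is to raise the viewer security policy to a TLSv1.2 policy and restrict `OriginSslProtocols` to `TLSv1.2`.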