SSL/TLS Self-Signed Certificate
Description
Detects self-signed SSL/TLS certificates, that is, certificates that have not been signed by a trusted Certificate Authority (CA). Self-signed certificates pose a security risk because no third party has validated the certificate's authenticity: a client that accepts one has no way to tell the legitimate server's certificate from one presented by someone else, which leaves the connection vulnerable to man-in-the-middle attacks.
Detection Strategy
• Examines the SSL/TLS certificate presented by the web server during the connection handshake
• Compares the certificate's issuer and subject fields; if they are identical, the certificate is self-signed
• Reports a vulnerability when the certificate's issuer matches its subject, indicating that no trusted CA issued the certificate
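The following Go program is an added example of the detection strategy above; it is not Fluid Attacks' scanner code. It generates three certificates in memory with the standard library (the hostnames, the "Constructed Root CA" and the function names `Inspect`, `IsSelfSigned` and `BuildScenarios` are all constructed for this example) and applies the issuer-equals-subject comparison to each. It goes one step beyond the page's description: RFC 5280 calls a certificate whose issuer and subject DNs match *self-issued*, and *self-signed* only when its signature also verifies with its own public key, so the example confirms the DN comparison cryptographically and shows the self-issued case (a CA key rollover certificate, for instance) where the two checks disagree. It also verifies each certificate against a trust store holding only the constructed root, which is the check a client actually performs.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Finding is the outcome of the self-signed check for one leaf certificate.
type Finding struct {
	IssuerEqualsSubject bool // the page's heuristic: issuer DN equals subject DN
	SelfSignatureValid  bool // signature verifies with the certificate's own public key
	ChainsToTrustedRoot bool // a chain to one of the caller's trusted roots exists
}

// Inspect applies the check to a parsed leaf. roots is the trust store the
// client would use (assumption: supplied by the caller, e.g. the system pool).
func Inspect(leaf *x509.Certificate, roots *x509.CertPool) Finding {
	f := Finding{IssuerEqualsSubject: bytes.Equal(leaf.RawIssuer, leaf.RawSubject)}
	// Cryptographic confirmation: re-verify the signed (TBS) bytes with the leaf's own key.
	f.SelfSignatureValid = leaf.CheckSignature(leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature) == nil
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots})
	f.ChainsToTrustedRoot = err == nil
	return f
}

// IsSelfSigned is the vulnerability condition: the certificate names itself as
// issuer and was actually signed with its own key.
func IsSelfSigned(f Finding) bool {
	return f.IssuerEqualsSubject && f.SelfSignatureValid
}

// must unwraps (value, error) pairs; generation failures are fatal in this demo.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// template builds a minimal certificate template for the constructed scenarios.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn, Organization: []string{"Constructed Example"}},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if isCA { // a root must carry CA:TRUE and keyCertSign to sign other certificates
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
	}
	return t
}

// newCert signs tmpl with signer, naming parent's subject as the issuer, then re-parses it.
func newCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))))
}

// BuildScenarios creates three constructed certificates in memory and inspects
// each against a trust store holding only the constructed root CA:
//   selfSigned: server certificate signed with its own key (the finding on this page)
//   caSigned:   server certificate issued by the trusted root
//   selfIssued: issuer equals subject but the signature was made by a different key,
//               so the DN comparison alone would misclassify it as self-signed
func BuildScenarios() (selfSigned, caSigned, selfIssued Finding) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := template("Constructed Root CA", 1, true)
	caCert := newCert(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	srvKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ssTmpl := template("self.example.test", 2, false)
	selfSigned = Inspect(newCert(ssTmpl, ssTmpl, &srvKey.PublicKey, srvKey), roots)
	caSigned = Inspect(newCert(template("www.example.test", 3, false), caCert, &srvKey.PublicKey, caKey), roots)
	otherKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	siTmpl := template("rollover.example.test", 4, false)
	selfIssued = Inspect(newCert(siTmpl, siTmpl, &srvKey.PublicKey, otherKey), roots)
	return selfSigned, caSigned, selfIssued
}

func main() {
	ss, ca, si := BuildScenarios()
	names := []string{"self-signed", "CA-signed", "self-issued"}
	for i, f := range []Finding{ss, ca, si} {
		fmt.Printf("%-12s issuer==subject:%-5v self-signature:%-5v trusted-chain:%-5v => finding: %v\n",
			names[i], f.IssuerEqualsSubject, f.SelfSignatureValid, f.ChainsToTrustedRoot, IsSelfSigned(f))
	}
}
```

Running it with `go run` prints one line per scenario; only the first reports the finding, while the self-issued certificate shows that the DN comparison fires without a valid self-signature, and the CA-signed one shows the trust-chain check that a client relies on. The same inspection of a certificate saved as PEM can be done by hand with `openssl x509 -in cert.pem -noout -subject -issuer` for the DN comparison and `openssl verify -CAfile roots.pem cert.pem` for the chain check.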