C Sharp Servicepointmanager Security Protocols Disabled
Description
Detects the configuration of weak or obsolete security protocols (SSL3, TLS 1.0, TLS 1.1) in C# applications using ServicePointManager.SecurityProtocol. Using deprecated protocols can expose applications to known cryptographic vulnerabilities and man-in-the-middle attacks.
Detection Strategy
• Look for assignments or references to SecurityProtocolType in the code
• Check if any of the following weak protocols are specified: SSL3, TLS 1.0, TLS 1.1, or None
• Report a vulnerability when explicit use of these deprecated protocols is found in SecurityProtocolType configurations
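The strategy above as a small Python scanner, added here as an illustration; it is not Fluid Attacks' implementation. The function name, the constructed C# sample, and the choice to treat a `~`-negated member as a protocol being switched off (so not reported) are assumptions of this example.

```python
import re

# Members the page lists as weak: SSL3, TLS 1.0 (Tls), TLS 1.1 (Tls11), None.
WEAK = {"Ssl3": "SSL 3.0", "Tls": "TLS 1.0", "Tls11": "TLS 1.1", "None": "None"}

# Comments and ordinary string literals are blanked so text inside them never matches.
_SKIP = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"', re.S)
# An optional leading '~' marks a bit being masked out (assumption: that disables it).
_REF = re.compile(r'(~\s*)?\bSecurityProtocolType\s*\.\s*(\w+)')


def _blank(match):
    # Keep newlines so reported line numbers still match the original file.
    return re.sub(r'[^\n]', ' ', match.group(0))


def find_weak_protocols(source):
    """Return (line, member, label) tuples for weak protocol references."""
    code = _SKIP.sub(_blank, source)
    findings = []
    for m in _REF.finditer(code):
        negated, member = m.group(1), m.group(2)
        # Exact member comparison: Tls12 and Tls13 never match the weak 'Tls'.
        if member in WEAK and not negated:
            line = code.count("\n", 0, m.start(2)) + 1
            findings.append((line, member, WEAK[member]))
    return findings


# Constructed C# input: one real finding plus three look-alikes to ignore.
SAMPLE = '''using System.Net;
public class Client {
    public Client() {
        // Old setting was SecurityProtocolType.Ssl3
        ServicePointManager.SecurityProtocol =
            SecurityProtocolType.Tls | SecurityProtocolType.Tls12;
        ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Tls11;
        var note = "SecurityProtocolType.Tls11 is deprecated";
    }
}
'''

if __name__ == "__main__":
    for line, member, label in find_weak_protocols(SAMPLE):
        print(f"line {line}: SecurityProtocolType.{member} enables {label}")
```

Numeric casts such as `(SecurityProtocolType)192` and grouped masks like `~(A | B)` are outside what this pattern-based sketch covers; a syntax-tree based check would be needed for those.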
Vulnerable code example
using System.Net;

public class InsecureService {
    public InsecureService() {
        // Vulnerable: Using only TLS 1.0 which is deprecated and insecure
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
    }
}
✅ Secure code example
using System.Net;

public class SecureService {
    public SecureService() {
        // Secure: Using TLS 1.2 and 1.3 for strong encryption and security
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls13;
    }
}