C Sharp Disabled Strong Crypto
Description
Detects when an application explicitly disables strong cryptography in .NET by setting the 'Switch.System.Net.DontEnableSchUseStrongCrypto' switch to true. This configuration weakens the application's security by allowing the use of less secure protocols and cipher suites, potentially exposing the application to man-in-the-middle attacks and other cryptographic vulnerabilities.
Detection Strategy
• Look for calls to AppContext.SetSwitch() in C# code
• Check if the switch name parameter is 'Switch.System.Net.DontEnableSchUseStrongCrypto'
• Verify if the switch value is set to 'true'
• Report a vulnerability when these conditions are met, as this indicates an intentional downgrade of security protocols
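The checks listed above can be expressed as a small source scanner for a CI job. This is an added example, not Fluid Attacks' detector: the function names and the sample C# input are constructed here, and it assumes the switch name and value appear as literals, matching on text rather than on a parsed syntax tree.

```python
import re

SWITCH = "Switch.System.Net.DontEnableSchUseStrongCrypto"

# Comments, plus string literals so that "//" inside a string is not read as a comment.
TOKEN_RE = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"', re.S)
# AppContext.SetSwitch("<name>", <value>) with any whitespace or line breaks between tokens.
CALL_RE = re.compile(
    r'AppContext\s*\.\s*SetSwitch\s*\(\s*@?"([^"]*)"\s*,\s*([^)]*?)\s*\)', re.S)


def strip_comments(src):
    """Blank out C# comments, keeping newlines so line numbers stay correct."""
    def blank(m):
        text = m.group(0)
        return re.sub(r"[^\n]", " ", text) if text.startswith("/") else text
    return TOKEN_RE.sub(blank, src)


def find_disabled_strong_crypto(src):
    """Return the 1-based line numbers of calls that set the switch to literal true."""
    code = strip_comments(src)
    return [code.count("\n", 0, m.start()) + 1
            for m in CALL_RE.finditer(code)
            if m.group(1) == SWITCH and m.group(2) == "true"]


# Constructed sample input: a commented-out call, a safe call, and a multi-line risky call.
SAMPLE = '''using System;
public class Program
{
    public void ConfigureApp()
    {
        // AppContext.SetSwitch("Switch.System.Net.DontEnableSchUseStrongCrypto", true);
        AppContext.SetSwitch("Switch.System.Net.DontEnableSchUseStrongCrypto", false);
        AppContext.SetSwitch(
            "Switch.System.Net.DontEnableSchUseStrongCrypto",
            true);
    }
}
'''

if __name__ == "__main__":
    for line in find_disabled_strong_crypto(SAMPLE):
        print(f"line {line}: {SWITCH} set to true (strong crypto disabled)")
```

A switch name held in a constant, or a value passed through a variable, is not resolved by this text match and needs a syntax-tree based analyzer.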
Vulnerable code example
using System;

public class Program
{
    public void ConfigureApp()
    {
        // SECURITY RISK: Disables strong cryptography, which weakens TLS security
        AppContext.SetSwitch("Switch.System.Net.DontEnableSchUseStrongCrypto", true);
    }
}
✅ Secure code example
using System;

public class Program
{
    public void ConfigureApp()
    {
        // Ensures strong cryptography remains enabled for TLS security
        AppContext.SetSwitch("Switch.System.Net.DontEnableSchUseStrongCrypto", false);
    }
}