Json Ssl Port Zero
Description
Detects when IIS Express web server configurations have the SSL port set to 0, which effectively disables HTTPS. This misconfiguration forces the application to use insecure HTTP connections, potentially exposing sensitive data in transit.
Detection Strategy
• Inspects IIS Express configuration files (like .config or project settings)
• Identifies 'sslPort' settings specifically under 'iisExpress' or 'iisSettings' sections
• Reports a vulnerability when the SSL port value is explicitly set to '0'
• Only triggers on configuration files where SSL port is disabled, not when it's configured to use a valid port number
Vulnerable code example
{
  "iisSettings": {
    "iisExpress": {
      "applicationUrl": "http://localhost:8080", // Vulnerable: Using unsecured HTTP protocol
      "sslPort": 0 // Vulnerable: SSL/TLS disabled (sslPort=0) exposes traffic to interception
    }
  }
}
✅ Secure code example
{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "https://localhost:44300", // Secure: Using HTTPS protocol
      "sslPort": 44300 // Secure: Standard SSL port enabled for TLS encryption
    }
  }
}
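As an added example (not Fluid Attacks' own detector), the check below implements the detection strategy above in Python: it parses a launchSettings-style file, strips the // line comments such files may carry without breaking the // inside "http://" URLs, and reports only when iisSettings.iisExpress.sslPort is 0. The two sample configurations are constructed from the page's examples.

```python
import json

# Constructed samples modelled on the page's vulnerable and secure examples.
VULNERABLE = '''{
  "iisSettings": {
    "iisExpress": {
      "applicationUrl": "http://localhost:8080", // plain HTTP
      "sslPort": 0 // TLS disabled
    }
  }
}'''

SECURE = '''{
  "iisSettings": {
    "iisExpress": {
      "applicationUrl": "https://localhost:44300",
      "sslPort": 44300
    }
  }
}'''


def strip_line_comments(text):
    """Drop // comments but keep '//' inside strings (e.g. "http://...")."""
    out, i, in_str = [], 0, False
    while i < len(text):
        ch = text[i]
        if not in_str and text.startswith('//', i):
            nl = text.find('\n', i)          # skip to end of line, keep the newline
            i = len(text) if nl == -1 else nl
            continue
        if ch == '"':
            in_str = not in_str
        elif ch == '\\' and in_str:          # copy escaped char (e.g. \") verbatim
            out.append(ch)
            i += 1
            ch = text[i]
        out.append(ch)
        i += 1
    return ''.join(out)


def find_ssl_port_zero(text):
    """Report sslPort == 0 under iisSettings.iisExpress; [] when a real port is set."""
    cfg = json.loads(strip_line_comments(text))
    iis = cfg.get('iisSettings', {}).get('iisExpress', {})
    if iis.get('sslPort') in (0, '0'):
        return ['iisSettings.iisExpress.sslPort = 0: HTTPS disabled, '
                f"applicationUrl={iis.get('applicationUrl')!r}"]
    return []
```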