Python Urllib3 Ssl Verification Bypass
Description
Detects when SSL certificate verification is disabled in urllib3 HTTP clients, which could allow man-in-the-middle attacks. This vulnerability occurs when cert_reqs is set to CERT_NONE or similar values that bypass certificate validation.
Detection Strategy
• Check if urllib3 library is imported in the code
• Look for urllib3 client configurations where cert_reqs parameter is set to insecure values like CERT_NONE
• Identify direct assignments to cert_reqs property with values that disable certificate verification
• Report vulnerability when SSL verification is disabled through either method parameters or property assignments
Vulnerable code example
import urllib3
import ssl
# VULNERABLE: Explicitly disables SSL certificate verification
http = urllib3.PoolManager(cert_reqs='CERT_NONE')
# VULNERABLE: Using ssl constant to disable verification
insecure_pool = urllib3.PoolManager(cert_reqs=ssl.CERT_NONE)
Secure code example
import urllib3
import ssl
# SAFE: Use default settings, which enable certificate verification
http = urllib3.PoolManager()  # Default is ssl.CERT_REQUIRED
# SAFE: Explicitly require certificate verification
secure_pool = urllib3.PoolManager(cert_reqs=ssl.CERT_REQUIRED)
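The four-step detection strategy above, implemented as an added example (not Fluid Attacks' own rule engine) on top of Python's ast module: it scans a source file only when urllib3 is imported, then flags cert_reqs keyword arguments and cert_reqs attribute assignments whose value resolves to CERT_NONE. The two sample sources embedded at the bottom are constructed for the demonstration and mirror the vulnerable and secure snippets shown on this page.

```python
import ast
# Strings that urllib3's resolve_cert_reqs() maps to ssl.CERT_NONE ("NONE" gets a
# "CERT_" prefix), plus the constant's own name for ssl.CERT_NONE / CERT_NONE.
INSECURE_NAMES = {"CERT_NONE", "NONE"}

def _disables_verification(node):
    """True if a cert_reqs value node evaluates to something that skips checks."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value.upper() in INSECURE_NAMES
    if isinstance(node, ast.Attribute):  # ssl.CERT_NONE
        return node.attr in INSECURE_NAMES
    if isinstance(node, ast.Name):       # from ssl import CERT_NONE
        return node.id in INSECURE_NAMES
    return False

def _imports_urllib3(tree):
    """Step 1 of the strategy: only files that import urllib3 are in scope."""
    for n in ast.walk(tree):
        if isinstance(n, ast.Import) and any(a.name.split(".")[0] == "urllib3" for a in n.names):
            return True
        if isinstance(n, ast.ImportFrom) and (n.module or "").split(".")[0] == "urllib3":
            return True
    return False

def find_insecure_cert_reqs(source):
    """Return sorted [(lineno, reason)] for each cert_reqs that disables verification."""
    tree = ast.parse(source)
    if not _imports_urllib3(tree):
        return []
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):  # steps 2/4: cert_reqs=... passed to a client
            for kw in node.keywords:
                if kw.arg == "cert_reqs" and _disables_verification(kw.value):
                    findings.append((node.lineno, "cert_reqs keyword disables verification"))
        elif isinstance(node, ast.Assign):  # step 3: obj.cert_reqs = ...
            if any(isinstance(t, ast.Attribute) and t.attr == "cert_reqs" for t in node.targets):
                if _disables_verification(node.value):
                    findings.append((node.lineno, "cert_reqs assignment disables verification"))
    return sorted(findings)

# Constructed samples (not taken from any real project) exercising both paths.
VULNERABLE_SAMPLE = """import urllib3
import ssl
http = urllib3.PoolManager(cert_reqs='CERT_NONE')
pool = urllib3.HTTPSConnectionPool('host.invalid')
pool.cert_reqs = ssl.CERT_NONE
"""
SECURE_SAMPLE = """import urllib3
http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED')
"""
```

Running find_insecure_cert_reqs(VULNERABLE_SAMPLE) reports lines 3 and 5, while SECURE_SAMPLE and any file that never imports urllib3 produce no findings.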