147 – Insecure encryption algorithm - SSLContext

Description

An SSLContext object implements the specified secure socket protocol. However, not all protocols are equal and some legacy protocols, such as SSL, have proven to be insecure.

Impact

Decrypt traffic at the back-end level.

Recommendation

Only secure encryption with secure algorithms such as TLSv1.2 or higher should be allowed.

Threat

Unauthenticated internal attacker.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: A
• Attack complexity: H
• Attack Requirements: N
• Privileges required: N
• User interaction: A
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 181 - Transmit data using secure protocols
• 336 - Disable insecure TLS versions

Fixes

• Dart
• Go
• Java
• Python
• Ruby
• Scala
• Swift
• Typescript

Last updated

2024/02/14