Description

The application uses useSslProtocol() function, which allows the trust manager to trust all server certificates presented to it, this is convenient for local development, but is not recommended for use in production, as it does not provide protection against man-in-the-middle attacks.

Impact

Intercept sensitive information over an insecure channel.

Recommendation

Preferably make use of useSslProtocol(SSLContext).

Threat

Anonymous attacker on the internal network running a MitM.

Expected Remediation Time

⏱️ 15 minutes.

Requirements

Fixes