313 – Insecure service configuration - Certificates
Description
Due to a misconfiguration of X.509 certificates, the application can accept invalid certificates, making it possible to carry out man-in-the-middle attacks.
Impact
Execute man-in-the-middle attacks.
Recommendation
Throw typed exceptions when invalid certificates are detected.
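The following added example (not part of the original entry) shows a TLS client context that accepts invalid certificates next to the corrected one, plus a wrapper that raises a typed exception when validation fails. The names InvalidCertificateError, insecure_context, strict_context, audit_context and open_verified are assumptions chosen for illustration.

```python
import socket
import ssl


class InvalidCertificateError(Exception):
    """Typed exception for a peer certificate that fails validation (assumed name)."""


def insecure_context() -> ssl.SSLContext:
    # Weak setting: no chain validation and no hostname check, so any
    # certificate (self-signed, expired, wrong host) is accepted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_context() -> ssl.SSLContext:
    # Corrected setting: system trust store, CERT_REQUIRED, hostname check on.
    return ssl.create_default_context()


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the findings that make a client context accept invalid certificates."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED")
    if not ctx.check_hostname:
        findings.append("check_hostname is disabled")
    return findings


def open_verified(host: str, port: int = 443, timeout: float = 5.0) -> ssl.SSLSocket:
    """Connect with full validation; surface failures as a typed exception."""
    ctx = strict_context()
    problems = audit_context(ctx)
    if problems:
        raise InvalidCertificateError("unsafe TLS context: " + "; ".join(problems))
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        # The handshake runs here; an untrusted, expired or mismatched
        # certificate raises ssl.SSLCertVerificationError.
        return ctx.wrap_socket(sock, server_hostname=host)
    except ssl.SSLCertVerificationError as exc:
        sock.close()
        raise InvalidCertificateError(f"{host}: {exc.verify_message}") from exc
```

Callers catch InvalidCertificateError explicitly and abort the connection instead of falling back to an unverified context.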
Threat
Unauthorized attacker on the Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: A
- Attack complexity: H
- Attack Requirements: N
- Privileges required: N
- User interaction: P
- Confidentiality (VC): N
- Integrity (VI): L
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: P