Insecure service configuration

Insecure service configuration - Certificates

Description

Due to a misconfiguration of X.509 certificates, the application can accept invalid certificates, making it possible to carry out Man in The Middle attacks.

Impact

Execute Man-in-the-middle attacks.

Recommendation

Throw typed exceptions in case of detection of invalid certificates.

Threat

Unauthorized attacker on the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

266 - Disable insecure functionalities

Fixes

Cloudformation Dart