Insecure service configuration - Certificates
Description
Due to a misconfiguration of X.509 certificate validation, the application accepts invalid certificates (for example self-signed, expired, revoked, or issued to a different entity), which makes man-in-the-middle attacks possible.
Impact
Execute Man-in-the-middle attacks.
Recommendation
Validate the full certificate chain, expiration, revocation status and hostname, and throw typed exceptions when an invalid certificate is detected instead of silently accepting it.
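As an added example (not code from the original page), the following Python snippet shows the misconfiguration side by side with a hardened configuration and the recommended typed exception. It uses only the standard library; the names CertificateValidationError, insecure_context, hardened_context, audit_context, guarded and fetch are assumptions made for the example.

```python
from __future__ import annotations

import ssl
import urllib.request


class CertificateValidationError(Exception):
    """Typed exception (assumed name): raised when the peer's X.509 certificate
    fails validation, so callers can handle it specifically rather than
    catching a generic error or disabling verification altogether."""


def insecure_context() -> ssl.SSLContext:
    """The misconfiguration described above: chain and hostname checks disabled."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before switching to CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # accepts any certificate, including self-signed ones
    return ctx


def hardened_context(cafile: str | None = None) -> ssl.SSLContext:
    """Context that rejects self-signed, expired and wrong-hostname certificates.
    cafile (optional) points at the trusted CA bundle; None uses the system store."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED   # peer must present a chain to a trusted CA
    ctx.check_hostname = True             # certificate must match the requested host
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the dangerous settings found on a context (empty list means OK)."""
    findings: list[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: peer chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate may be issued to another entity")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version is below TLS 1.2")
    return findings


def guarded(operation):
    """Run a network operation and convert the low-level verification failure
    into the typed exception, preserving the original error as the cause."""
    try:
        return operation()
    except ssl.SSLCertVerificationError as exc:
        raise CertificateValidationError(f"peer certificate rejected: {exc}") from exc


def fetch(url: str, ctx: ssl.SSLContext | None = None, timeout: float = 10) -> bytes:
    """Fetch a URL over TLS, refusing to run with an insecure context at all."""
    ctx = ctx or hardened_context()
    problems = audit_context(ctx)
    if problems:
        raise CertificateValidationError(
            "refusing to connect with an insecure TLS context: " + "; ".join(problems)
        )

    def _request() -> bytes:
        with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
            return resp.read()

    return guarded(_request)


if __name__ == "__main__":
    print("insecure context findings:", audit_context(insecure_context()))
    print("hardened context findings:", audit_context(hardened_context()))
```

The audit function is the piece worth reusing: run it over every SSLContext the application builds (in a unit test, for instance) so that a verify_mode or check_hostname regression fails the build rather than reaching production.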
Threat
Unauthorized attacker on the Internet.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
266 - Disable insecure functionalities
Rules
Ssl Tls X509 Uses Dangerous Wildcard
Ssl Tls Certificate Expiration Not Validated
Ssl Tls Self Signed Certificate
Ssl Tls Certificate Revocation Not Checked
Ssl Tls Certificate Issued To Wrong Entity
Android Apk Improper Certificate Validation
Android Apk Improper Certificate Validation Default
Executable Files Insecure Certificate Validation
Yaml Ansible Not Validated Certificates
Dart Postgres Ssl Verification Bypass
Dart Grpc Ssl Verification Bypass
Config Files Ssl Flags Disabled
Ruby Ssl Certificate Verification Bypass
C Sharp Untrusted Root Certificate Addition
Dart Webview Flutter Ssl Verification Bypass
Javascript Tls Reject Unauthorized False
Scala Ssl Hostname Verification Bypass
Json Yaml Tls Verification Disabled Env
Python Aiohttp Ssl Verification Bypass
Python Ssl Certificate Verification Bypass
Typescript Ssl Verification Bypass
C Sharp X509certificate2 Privatekey Used
C Sharp Insecure Certificate Validation
Dart Io Ssl Verification Bypass
Python Boto3 Ssl Verification Bypass
Python Verify False In Requests
Ruby Insecure Open Ssl Mode
Python Httpx Ssl Verification Bypass
Python Websocket Ssl Verification Bypass
Dart Inappwebview Ssl Verification Bypass
Javascript Ssl Verification Bypass
Python Urllib3 Ssl Verification Bypass
Typescript Tls Reject Unauthorized False
Fixes