RSPEC-4830

SSL/TLS certificates chain of trust verification should not be disabled

    Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Activate SSL/TLS certificates chain of trust verification
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      C#, C, C++, Go, Java, Kotlin, Objective-C, Python, Ruby, Scala, Swift
    • Covered Languages:
      PHP
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5min
    • Analysis Level:
      Syntactic Analysis
    • Analysis Scope:
      Main Sources
    • CWE:
      CWE-295
    • OWASP:
      A6

      Description

      Disabling SSL/TLS certificate chain of trust verification is similar to trusting everyone in the chain, and so exposes the application to man-in-the-middle (MITM) attacks.

      See

          Issue Links

          1. PHP RSPEC-4831 Language-Specification Active Unassigned

              People

              • Assignee:
                Unassigned
              • Reporter:
                alexandre.gigleux Alexandre Gigleux