RSPEC-5527

Server hostnames should be verified during SSL/TLS connections

    Details

    • Message:
      Enable server hostname verification on this SSL/TLS connection
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      ABAP, APEX, C#, C, C++, Cobol, CSS, Flex, Go, HTML, JavaScript, Kotlin, Objective-C, PHP, PL/I, PL/SQL, RPG, Ruby, Rust, Scala, Solidity, Swift, T-SQL, TypeScript, VB.Net, VB6, XML
    • Covered Languages:
      Java, Python
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5min
    • Analysis Level:
      Syntactic Analysis
    • Analysis Scope:
      Main Sources
    • CWE:
      CWE-297, CWE-295
    • OWASP:
      A3, A6
    • FindSecBugs:
      WEAK_HOSTNAME_VERIFIER, INSECURE_SMTP_SSL

      Description

      To establish an SSL/TLS connection that is not vulnerable to man-in-the-middle attacks, it is essential to make sure the server presents the right certificate.
      Checking that the certificate chains to a trusted authority is not enough on its own: the certificate's hostname-specific data (its Subject Alternative Name entries, or the Common Name in older certificates) must also match the hostname the client intended to reach, otherwise any certificate issued to any host by that authority would be accepted.

      Re-inventing the wheel by implementing custom hostname verification is not recommended, because the matching rules are easy to get wrong.
      TLS/SSL libraries provide built-in hostname verification that should be used as-is, not disabled and not replaced by a verifier that accepts every name.
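      The point above shown with Python's standard ssl module, as an added example rather than code taken from the rule page or from SonarSource: the weak configuration the rule flags beside the corrected one, a small audit helper (the names make_unverified_context, make_verified_context, audit_context, hostname_is_mandatory and connect_verified are assumptions of this example, not library or Sonar functions), and a client connect that leaves the certificate and hostname checks to the library.

```python
import socket
import ssl
from typing import List, Optional


def make_unverified_context() -> ssl.SSLContext:
    """Noncompliant: the setting this rule reports. check_hostname must be
    switched off before verify_mode can be lowered, so the two usually
    appear together in vulnerable code."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # any valid certificate for any host is accepted
    ctx.verify_mode = ssl.CERT_NONE  # and a valid certificate is not even required
    return ctx


def make_verified_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Compliant: the library defaults already verify the chain and the hostname.
    cafile is optional; without it the system trust store is used."""
    ctx = ssl.create_default_context(cafile=cafile)
    # Defaults for a client context: both checks on. Nothing to disable.
    assert ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the findings a reviewer would raise for a client context
    (assumed helper). An empty list means the context verifies the peer."""
    findings = []
    if not ctx.check_hostname:
        findings.append(
            "check_hostname is False: server identity is not matched against the certificate")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(
            "verify_mode is not CERT_REQUIRED: certificate chain is not validated")
    return findings


def hostname_is_mandatory(ctx: ssl.SSLContext) -> bool:
    """True if the library refuses to wrap a socket without a server_hostname.
    With check_hostname enabled, ssl raises ValueError before any handshake,
    which is why a verified context cannot silently skip the name check."""
    with socket.socket() as raw:  # never connected; only the wrap call is exercised
        try:
            tls = ctx.wrap_socket(raw)
        except ValueError:
            return True
        tls.close()
        return False


def connect_verified(host: str, port: int = 443,
                     ctx: Optional[ssl.SSLContext] = None) -> str:
    """Open a TLS client connection and return the negotiated protocol version.
    The hostname check is done by the library, keyed on server_hostname."""
    ctx = ctx or make_verified_context()
    if audit_context(ctx):
        raise ValueError("refusing to connect with a context that disables verification")
    with socket.create_connection((host, port), timeout=10) as sock:
        # server_hostname drives SNI and is the name the certificate is matched against
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    for name, ctx in (("unverified", make_unverified_context()),
                      ("verified", make_verified_context())):
        print(name, audit_context(ctx) or "ok",
              "server_hostname required:", hostname_is_mandatory(ctx))
```

      connect_verified needs network access and a real server, so it is not exercised by the offline checks; the other functions run without a connection. Passing server_hostname to wrap_socket is what ties the library's verification to the name the client meant to reach, so code that wraps a socket without it, or that sets check_hostname to False to make that call succeed, is the pattern to look for during review.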


          Issue Links

          1.
          Python RSPEC-5530 Language-Specification Active Unassigned
          2.
          PHP RSPEC-5532 Language-Specification Active Unassigned
          3.
          Java RSPEC-5533 Language-Specification Active Unassigned
          4.
          Kotlin RSPEC-5535 Language-Specification Active Unassigned
          5.
          JavaScript RSPEC-5667 Language-Specification Active Unassigned
          6.
          C-Family RSPEC-5882 Language-Specification Active Unassigned


              People

              • Assignee:
                Unassigned
                Reporter:
                eric.therond Eric Therond
              • Votes:
                0
                Watchers:
                1
