Security Test: TLS Configuration Server Defaults
Description
Default Severity:
When TLS is not configured with care, a connection that looks secure can still let an attacker read or tamper with messages. Developers often fall back on library defaults when configuring TLS, but if the protocol versions, keys, or certificates are not carefully chosen, managed, and updated, an attacker may be able to trick the system, intercept credentials in transit, or impersonate the server. A poorly configured TLS setup therefore opens the door to man-in-the-middle attacks, misused certificates, and a general loss of confidence in the secure channel, which can ultimately lead to data breaches or unauthorized access.
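The following is an added example, not code from the test page or its vendor: it shows what "not relying on defaults" looks like in practice by building a server-side TLS context with explicit settings and auditing a configuration against a small policy (TLS 1.2 or newer, compression off, AEAD suites with forward secrecy only). The policy values, the `FORWARD_SECRET_KEA` set, the `LEGACY_SETTINGS` record and all function names are assumptions chosen for illustration; certificate and key checks are out of scope here.

```python
"""Audit a server-side TLS configuration against a minimal hardening policy.

Added illustration; the policy values below are assumptions chosen for the
example, not requirements stated by the security test page.
"""
from __future__ import annotations

import ssl

# Policy (assumption): TLS 1.2 or newer, no TLS compression, and every enabled
# cipher suite must be AEAD and provide forward secrecy.
MIN_VERSION = ssl.TLSVersion.TLSv1_2
# OpenSSL key-exchange names as reported by SSLContext.get_ciphers();
# "kx-any" is what TLS 1.3 suites report (they are always ephemeral).
FORWARD_SECRET_KEA = {"kx-ecdhe", "kx-dhe", "kx-any"}


def make_hardened_server_context() -> ssl.SSLContext:
    """Build a server context with explicit settings instead of library defaults."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = MIN_VERSION
    ctx.options |= ssl.OP_NO_COMPRESSION            # compression-oracle attacks need it on
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE  # server, not client, picks the suite
    # TLS 1.2 suites: ECDHE key exchange with AES-GCM or ChaCha20-Poly1305 only.
    # TLS 1.3 suites are unaffected by set_ciphers() and are all AEAD.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    # A real deployment would also call ctx.load_cert_chain(certfile, keyfile).
    return ctx


def audit_settings(minimum_version, options, ciphers) -> list[str]:
    """Return the list of policy violations; an empty list means compliant.

    `ciphers` is a sequence of dicts shaped like SSLContext.get_ciphers()
    output, with at least the keys "name", "kea" and "aead".
    """
    findings = []
    if minimum_version < MIN_VERSION:
        findings.append(
            f"minimum protocol version {minimum_version.name} is below {MIN_VERSION.name}"
        )
    if not options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression is not disabled (OP_NO_COMPRESSION unset)")
    for c in ciphers:
        if c.get("kea") not in FORWARD_SECRET_KEA:
            findings.append(f"cipher {c['name']} lacks forward secrecy ({c.get('kea')})")
        if not c.get("aead"):
            findings.append(f"cipher {c['name']} is not an AEAD suite")
    return findings


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Audit a live SSLContext by reading the settings it will actually negotiate with."""
    return audit_settings(ctx.minimum_version, ctx.options, ctx.get_ciphers())


# Constructed record describing a legacy configuration, in get_ciphers() shape,
# so the audit can be demonstrated without depending on what the local
# OpenSSL build still permits to be configured.
LEGACY_SETTINGS = {
    "minimum_version": ssl.TLSVersion.TLSv1,
    "options": ssl.Options(0),
    "ciphers": [
        {"name": "AES128-SHA", "kea": "kx-rsa", "aead": False},
        {"name": "ECDHE-RSA-AES128-GCM-SHA256", "kea": "kx-ecdhe", "aead": True},
    ],
}


def audit_legacy_example() -> list[str]:
    """Run the audit over the constructed legacy configuration."""
    return audit_settings(**LEGACY_SETTINGS)


if __name__ == "__main__":
    for line in audit_legacy_example():
        print("LEGACY  :", line)
    print("HARDENED:", audit_context(make_hardened_server_context()) or "no findings")
```

Running the module audits both configurations: the constructed legacy record yields four findings (old minimum version, compression enabled, and two for the RSA-key-exchange CBC suite), while the explicitly hardened context yields none. The audit reads `minimum_version`, `options` and `get_ciphers()` from the context itself, so it reports what the server would actually negotiate rather than what the code intended to set.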
Reference:
Configuration
Identifier:
protocol/tls_configuration_server_default
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 4.1 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.10.1 |
| NIST | SP800-52 |
| FedRAMP | SC-8 |
| CWE | 319 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVSS Score | 5.3 |