Skip to content

Security Test: TLS Configuration Server Defaults

Description

Default Severity:

When TLS isn’t set up with proper care, even a connection that looks secure might let attackers peek or tamper with messages. Developers often rely on defaults when configuring TLS, but if the protocols, keys, or certificates aren’t carefully managed or updated, an attacker could trick the system, intercept sensitive credentials, or impersonate a server. In other words, a poorly configured TLS setup opens the door to potential man-in-the-middle attacks, misused certificates, and overall loss of confidence in secure communications, which could ultimately lead to data breaches or unauthorized access.

Reference:

Configuration

Identifier: protocol/tls_configuration_server_default

Examples

All configuration available:

checks:
  protocol/tls_configuration_server_default:
    skip: false # default

Compliance and Standards

Standard Value
OWASP API Top 10 API8:2023
OWASP LLM Top 10 LLM06:2023
PCI DSS 4.1
GDPR Article-32
SOC2 CC6
PSD2 Article-95
ISO 27001 A.10.1
NIST SP800-52
FedRAMP SC-8
CWE 319
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS Score 5.3