Insecure TLS certificate domain name validation

Description

The application does not perform proper TLS certificate validation, which makes it vulnerable to man-in-the-middle attacks.

Recommendation

Apply proper TLS certificate validation. The compliant solution depends on the actual implementation.
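As an added illustration (not part of the original page), the sketch below uses Python's standard `ssl` module to contrast two weak client configurations with a compliant one, and audits each for the missing checks. The choice of Python and the function names and finding labels are assumptions made for this example.

```python
import socket
import ssl


def insecure_context() -> ssl.SSLContext:
    """Weak: neither the certificate chain nor the host name is checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context() -> ssl.SSLContext:
    """Weak: the chain is verified, but a valid certificate for any domain is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Compliant: the defaults require a trusted chain and a matching host name."""
    return ssl.create_default_context()


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the validation steps a client context skips (labels are hypothetical)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings


def connect_verified(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Open a validated TLS connection and return the negotiated protocol version.

    server_hostname is the name the certificate is matched against, so it must be
    the host the application intended to reach. Requires network access.
    """
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    for build in (insecure_context, chain_only_context, hardened_context):
        print(build.__name__, audit_context(build()))
```

The `chain_only_context` case is the one the title describes: the certificate is trusted, but nothing ties it to the domain being contacted.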

Standards

  • PCI_STANDARDS:
    • REQ_2_2
    • REQ_4_2
    • REQ_11_3