Skip to content

Insecure TLS certificate validation (accept self-signed certificate)

Insecure TLS certificate validation (accept self-signed certificate)

Description

The application accepts self-signed certificates making it vulnerable to man-in-the-middle (MITM) attacks.

Recommendation

An invalid or malicious certificate might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. For example, the software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that originates from a trusted host.

Standards