
## Review

A dedicated reviewer checked the rule description successfully for:

- [x] logical errors and incorrect information
- [x] information gaps and missing content
- [x] text style and tone
- [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
17 lines
824 B
Plaintext
=== What is the potential impact?

Establishing trust in a secure way is a non-trivial task. When you disable
hostname validation, you are removing a key mechanism designed to build this
trust in internet communication, opening your system up to a number of
potential threats.

==== Identity spoofing

If a system does not validate hostnames, it cannot confirm the identity of
the other party involved in the communication. An attacker can exploit this by
creating a fake server and masquerading it as a legitimate one. For example,
they might set up a server that looks like your bank's server, tricking your
system into thinking it is communicating with the bank. This scenario, called
identity spoofing, allows the attacker to collect any data your system sends
to them, potentially leading to significant data breaches.
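The following is an added example, not code from the rule description or from the rspec project. It makes the identity-spoofing impact concrete: a client that skips hostname validation accepts a certificate issued to a different name, while a client that checks the requested hostname against the certificate's DNS Subject Alternative Names rejects it. The `hostname_matches` function is a simplified RFC 6125 matcher written for this illustration (exact match plus a single-label leftmost wildcard); the SAN lists `BANK_CERT_SANS` and `ATTACKER_CERT_SANS` are constructed sample values, and the two `ssl.SSLContext` builders show the noncompliant setting (`check_hostname = False`) beside the default, compliant configuration from Python's standard `ssl` module.

```python
import ssl

# Constructed sample certificate identities (DNS SAN entries), not real hosts.
BANK_CERT_SANS = ["bank.example", "*.bank.example"]
ATTACKER_CERT_SANS = ["attacker.example"]


def hostname_matches(hostname: str, san_dns_names: list[str]) -> bool:
    """Return True if hostname matches one of the certificate's DNS SANs.

    Simplified RFC 6125 matching for illustration: case-insensitive exact
    match, or a wildcard that is the whole leftmost label and matches
    exactly one label. So "*.bank.example" matches "www.bank.example" but
    not "bank.example" or "a.b.bank.example", and "*.example" is rejected.
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    for pattern in san_dns_names:
        pat_labels = pattern.lower().rstrip(".").split(".")
        if len(pat_labels) != len(host_labels):
            continue
        if pat_labels == host_labels:
            return True
        # Wildcard only in the leftmost label, and only below a registrable
        # domain (at least two fixed labels after the "*").
        if (pat_labels[0] == "*"
                and len(pat_labels) >= 3
                and pat_labels[1:] == host_labels[1:]):
            return True
    return False


def client_accepts(requested_host: str, presented_sans: list[str],
                   verify_hostname: bool) -> bool:
    """Model the client's decision after the TLS chain has been validated.

    With verify_hostname=False the peer's identity is never compared to the
    host we meant to reach, so a valid certificate for any other name (the
    spoofing case from the text) is accepted.
    """
    if not verify_hostname:
        return True
    return hostname_matches(requested_host, presented_sans)


def weak_context() -> ssl.SSLContext:
    """Noncompliant: chain is still verified, but the hostname is not."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # removes the identity check described above
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Compliant: the default context verifies both chain and hostname."""
    ctx = ssl.create_default_context()  # check_hostname=True, CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    # Spoofing scenario: we asked for the bank, the server presents a
    # certificate validly issued to attacker.example.
    print("no hostname check ->",
          client_accepts("bank.example", ATTACKER_CERT_SANS, False))
    print("hostname check    ->",
          client_accepts("bank.example", ATTACKER_CERT_SANS, True))
    print("weak check_hostname:", weak_context().check_hostname)
    print("hardened check_hostname:", hardened_context().check_hostname)
```

Run as a script it prints `True` for the unchecked connection and `False` for the checked one, which is exactly the difference the rule is about: chain validation alone proves only that some CA issued the certificate, while hostname validation proves it was issued for the party you intended to talk to.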