8 lines
602 B
Plaintext
8 lines
602 B
Plaintext
Validating SSL/TLS connections is security-sensitive. For example, it has led in the past to the following vulnerabilities:
|
|
|
|
* https://nvd.nist.gov/vuln/detail/CVE-2014-5531[CVE-2014-5531]
|
|
* https://nvd.nist.gov/vuln/detail/CVE-2014-5524[CVE-2014-5524]
|
|
* https://nvd.nist.gov/vuln/detail/CVE-2014-5574[CVE-2014-5574]
|
|
|
|
SSL/TLS protocols encrypt network connections. The server usually provides a digital certificate to prove its identity. Accepting all SSL/TLS certificates makes your application vulnerable to https://www.owasp.org/index.php/Man-in-the-middle_attack[Man-in-the-middle attacks (MITM)].
|