Improper Certificate Validation
ID: scala.endpoint.scala_endpoint_rule_weakhostnameverification
Severity: low
Resource: Endpoint
Language: Scala
Description
A HostnameVerifier that accepts any host is often used because one certificate is reused on many hosts. As a consequence, the client is vulnerable to man-in-the-middle attacks, since it will trust any certificate.
Rationale
The following code illustrates a vulnerable pattern detected by this rule:
import javax.net.ssl.{HostnameVerifier, SSLSession}

// Accepts every hostname regardless of what the peer certificate says,
// so the hostname check of the TLS handshake is effectively disabled.
class AllHosts extends HostnameVerifier {
  // VULNERABLE: Improper Certificate Validation
  override def verify(hostname: String, session: SSLSession): Boolean = true
}
Remediation
Follow secure coding practices and review the references below for detailed remediation guidance.
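Two ways to replace the AllHosts pattern, as an added example that is not part of the rule page: let the JSSE perform standard hostname checking via endpoint identification on a raw SSLSocket, or, where a HostnameVerifier is unavoidable, install one that denies by default. The object and class names (SafeTls, AllowListVerifier) and the expected-host set are assumptions for illustration.

```scala
import java.net.URL
import java.security.cert.X509Certificate
import javax.net.ssl.{HostnameVerifier, HttpsURLConnection, SSLContext, SSLPeerUnverifiedException, SSLSession, SSLSocket}
import scala.jdk.CollectionConverters._

// Added example (hypothetical names); shows the opposite of the AllHosts verifier above.
object SafeTls {

  // (1) Raw SSLSocket: enabling endpoint identification makes the JSSE itself
  //     check the peer certificate against `host` during the handshake.
  def connect(host: String, port: Int): SSLSocket = {
    val socket = SSLContext.getDefault.getSocketFactory
      .createSocket(host, port).asInstanceOf[SSLSocket]
    val params = socket.getSSLParameters
    params.setEndpointIdentificationAlgorithm("HTTPS") // RFC 6125 style hostname check
    socket.setSSLParameters(params)
    socket.startHandshake()                            // throws on name mismatch
    socket
  }

  // (2) Deny-by-default verifier: accept only an allow-listed host whose leaf
  //     certificate carries an exactly matching dNSName SAN (GeneralName type 2).
  //     Stricter than RFC 6125 (no wildcard support), which suits a fixed endpoint set.
  final class AllowListVerifier(expected: Set[String]) extends HostnameVerifier {
    override def verify(hostname: String, session: SSLSession): Boolean = {
      val h = hostname.toLowerCase
      expected.contains(h) && (try {
        session.getPeerCertificates.headOption match {
          case Some(leaf: X509Certificate) =>
            Option(leaf.getSubjectAlternativeNames).exists(_.asScala.exists { entry =>
              entry.get(0) == 2 && String.valueOf(entry.get(1)).equalsIgnoreCase(h)
            })
          case _ => false
        }
      } catch { case _: SSLPeerUnverifiedException => false })
    }
  }

  // Install the verifier per connection; never widen the global default with
  // HttpsURLConnection.setDefaultHostnameVerifier and a permissive verifier.
  def open(url: String, expected: Set[String]): HttpsURLConnection = {
    val conn = new URL(url).openConnection().asInstanceOf[HttpsURLConnection]
    conn.setHostnameVerifier(new AllowListVerifier(expected))
    conn
  }
}
```

HttpsURLConnection already performs its own hostname check before consulting the installed verifier, so a custom verifier should only ever narrow what is accepted, never widen it.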
References
- OWASP Top 10 2021 - A01: Broken Access Control