TLS 1.0 enabled

Description

During the scan, Kayran found that the web server supports encryption through TLS 1.0.
When aiming for PCI DSS compliance, it is recommended to use a newer version: TLS 1.3.

An attacker might be able to exploit this vulnerability to conduct MITM (Man-In-The-Middle) attacks and decrypt the traffic that takes place between the affected services and the customers.

Severity/Score

CVSS Version 3.x – 6.5 Medium

Recommendation

To prevent this vulnerability, disable TLS 1.0 and replace it with the newer TLS 1.3.
Always do your best to keep it updated to the latest release.
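
One way to check a server configuration for this finding before and after the fix. This is an added example, not part of the original advisory or of Kayran's tooling. It assumes the web server is nginx, and the sample configuration, host names and function names are constructed for illustration.

```python
import re

# Constructed sample nginx configuration (not from the advisory).
SAMPLE_CONF = """\
http {
    # ssl_protocols TLSv1;   (commented out, must be ignored)
    server {
        listen 443 ssl;
        server_name legacy.example.test;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    }
    server {
        listen 443 ssl;
        server_name app.example.test;
        ssl_protocols TLSv1.2
                      TLSv1.3;
    }
}
"""

# The lookbehind skips look-alike directives such as proxy_ssl_protocols,
# which govern connections to upstreams rather than to clients.
DIRECTIVE = re.compile(r"(?<![\w.])ssl_protocols\s+([^;{}]+);")

def audit_ssl_protocols(conf_text):
    """Return one finding per ssl_protocols directive in an nginx config."""
    # Drop comments but keep newlines so line numbers stay accurate.
    # Simplification: a '#' inside a quoted string is treated as a comment.
    stripped = re.sub(r"#[^\n]*", "", conf_text)
    findings = []
    for m in DIRECTIVE.finditer(stripped):
        protocols = m.group(1).split()
        findings.append({
            "line": stripped.count("\n", 0, m.start()) + 1,
            "protocols": protocols,
            "tls10_enabled": "TLSv1" in protocols,   # exact token, not TLSv1.x
            "tls13_enabled": "TLSv1.3" in protocols,
        })
    return findings

def failing_lines(conf_text):
    """Line numbers of directives that still enable TLS 1.0."""
    return [f["line"] for f in audit_ssl_protocols(conf_text) if f["tls10_enabled"]]

if __name__ == "__main__":
    for f in audit_ssl_protocols(SAMPLE_CONF):
        status = "FAIL (TLS 1.0 enabled)" if f["tls10_enabled"] else "ok"
        print(f"line {f['line']}: {' '.join(f['protocols'])} -> {status}")
```

A configuration with no ssl_protocols directive falls back to the default of the installed nginx build, which this check does not evaluate.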

References

https://docs.microsoft.com/en-us/security/engineering/solving-tls1-problem

https://cwe.mitre.org/data/definitions/326.html
