TLS/SSL certificate expired in less than 90 days

Description

During the scan, Kayran managed to find that one of the TLS / SSL certificates used by your server will expire in less than 90 days. TLS / SSL certificates facilitate the encryption of data being transferred.
When the certificate expires, a web browsers will display a security warning to end-users. This warning will be asking them to manually verify the credibility of the certificate on your server.

If the certificate expires, it issues a warning to the user, indicating: “This site is not secure”, or, that “Your connection is not private”, this may lead to users avoiding from accessing or using your site.
Also, an attacker could exploit this vulnerability to carry out Man-In-The-Middle attacks because the traffic was not encrypted.

Recommendation

Renew or Replace your SSL/TLS certificate by contacting the company that provides certification for your server and ask them to renew as soon as possible.

References

https://cwe.mitre.org/data/definitions/295.html

< Return to all Vulnerabilities

Bug Bounties

As pirates, we all love plundering, we all love raiding, but mostly, we all love bounties, especially Bug Bounties. Let’s talk about it. Bug Bounties

Read More »

Crossing Scripts – XSS

Injections. SQL Injections. Cross-site Scripting (hence the amazing title “Crossing Scripts – XSS”). There all sorts of Injection-Based attacks, if you want to read about

Read More »