Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

HTTPS connection with weak key length

Description

The key length for HTTPS connections is lower than the recommended 128 bits.

Remediation

The key length should be at least 128 bits.

References

Testing for Weak SSL/TSL Ciphers, Insufficient Transport Layer Protection

Related Vulnerabilities

The Heartbleed Bug

CodeIgniter weak encryption key

WordPress plugin WPtouch insecure nonce generation

Insecure Transportation Security Protocol Supported (TLS 1.0)

The DROWN attack (SSLv2 supported)

Severity

Medium

Classification

CWE-310 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Weak Crypto