Description

The remote service encrypts traffic using SSL 2.0, an insecure and deprecated protocol with widely known weaknesses.

Remediation

Disable SSL 2.0 and use TLS 1.2 (or higher) instead.

References

Original Advisory

Related Vulnerabilities

Node.js Debugger Unauthorized Access Vulnerability

Content Security Policy (CSP) report-uri Uses HTTP

Unicode Transformation (Best-Fit Mapping)

Firebase database accessible without authentication

Yii debug mode enabled

Severity

High

Classification

CWE-326 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Weak Crypto