Details

| Field | Value |
| --- | --- |
| Alert ID | 10205-2 |
| Alert Type | Active |
| Status | alpha |
| Risk | High |
| CWE | 311 |
| WASC | 4 |
| Technologies Targeted | All |
| Tags | CWE-311 |
| More Info | Scan Rule Help |
Summary
The HTTPS configuration has one or more security issues identified by the TLS risk assessment.
Solution
Address each finding listed below. Refer to the rule IDs and descriptions for specific remediation guidance. Common fixes include: disabling weak protocols (SSLv2/3, TLS 1.0/1.1), removing weak ciphers, ensuring valid and trusted certificates, enabling HSTS, and configuring proper revocation checking.
Other Info
The HTTPS configuration has one or more security issues identified by the TLS risk assessment.
Risk score: 45/100
Letter grade: F
Findings:
Certificate & Chain: Certificate expired - [SYS-0020100] Certificate expired (CRITICAL)
Full HTTPS configuration report:
Server: example.com
Server Certificate(s):
Subject DN: CN=example.com
Signing Algorithm: SHA256withRSA
Certificate Fingerprint: AA:BB:CC:...
Issuer DN: CN=example.com
Not Valid Before:
Not Valid After:
Certificate Serial Number: 0
Certificate Version: 3
Self Signed Certificate: false
Cipher Suites Supported:
TLS_AES_256_GCM_SHA384(STRONG,TLSv1.3)
TLS_CHACHA20_POLY1305_SHA256(STRONG,TLSv1.3)
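As an added example (not ZAP's code and not part of this scan rule), the following Python parses text laid out like the Other Info report above to pull out findings by rule ID and severity, flag cipher suites that are not rated STRONG or are offered on the legacy protocols the Solution says to disable, and check the certificate's Not Valid After date. The sample report, its second finding ID and its dates are constructed placeholders.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the layout of this rule's "Other Info" text; the second
# finding (placeholder ID SYS-0000000) and the dates are not real scan output.
SAMPLE_REPORT = (
    "Risk score: 45/100 Letter grade: F Findings: "
    "Certificate & Chain: Certificate expired - [SYS-0020100] Certificate expired (CRITICAL) "
    "Protocols: Legacy protocol - [SYS-0000000] TLSv1.0 enabled (HIGH) "
    "Full HTTPS configuration report: Server: example.com "
    "Not Valid Before: 2023-01-01T00:00:00Z Not Valid After: 2024-01-01T00:00:00Z "
    "Cipher Suites Supported: TLS_AES_256_GCM_SHA384(STRONG,TLSv1.3) "
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA(WEAK,TLSv1.0)"
)

# "[RULE-ID] description (SEVERITY)" as printed in the Findings list
FINDING_RE = re.compile(r"\[(?P<rule_id>[A-Z]+-\d+)\]\s*(?P<desc>.*?)\s*\((?P<severity>[A-Z]+)\)")
# "NAME(STRENGTH,PROTOCOL)" as printed under Cipher Suites Supported
CIPHER_RE = re.compile(r"(?P<name>TLS_[A-Z0-9_]+)\((?P<strength>[A-Z]+),(?P<proto>TLSv1\.\d)\)")
LEGACY_PROTOCOLS = {"TLSv1.0", "TLSv1.1"}  # protocols the Solution says to disable


def parse_findings(report):
    """Return each finding as {rule_id, desc, severity}, in report order."""
    return [m.groupdict() for m in FINDING_RE.finditer(report)]


def weak_cipher_suites(report):
    """Names of suites not rated STRONG, or offered on a legacy protocol."""
    return [m["name"] for m in CIPHER_RE.finditer(report)
            if m["strength"] != "STRONG" or m["proto"] in LEGACY_PROTOCOLS]


def certificate_expired(report, now_iso=None):
    """True/False from the Not Valid After date; None when the report omits it."""
    m = re.search(r"Not Valid After:\s*(\d{4}-\d\d-\d\dT[\d:]+Z)", report)
    if not m:
        return None  # the page's own sample leaves this field empty
    expiry = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    now = (datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
           if now_iso else datetime.now(timezone.utc))
    return now > expiry


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_REPORT):
        print(f"{f['severity']:<8} {f['rule_id']}  {f['desc']}")
    print("weak suites:", weak_cipher_suites(SAMPLE_REPORT))
    print("certificate expired:", certificate_expired(SAMPLE_REPORT))
```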
References
Code
org/zaproxy/zap/extension/httpsinfo/HttpsConfigScanRule.java