Details

Alert ID: 10205-2
Alert Type: Active
Status: alpha
Risk: High
CWE: 311
WASC: 4
Technologies Targeted: All
Tags: CWE-311, OWASP_2017_A03, OWASP_2021_A02, OWASP_2025_A04, POLICY_API, POLICY_PENTEST, POLICY_QA_FULL, POLICY_QA_STD, POLICY_SEQUENCE, SYSTEMIC, WSTG-V42-CRYP-01
More Info: Scan Rule Help

Summary

The HTTPS configuration has one or more security issues identified by the TLS risk assessment.

Solution

Address each finding listed below. Refer to the rule IDs and descriptions for specific remediation guidance. Common fixes include: disabling weak protocols (SSLv2/3, TLS 1.0/1.1), removing weak ciphers, ensuring valid and trusted certificates, enabling HSTS, and configuring proper revocation checking.
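The checklist above (weak protocols, weak ciphers, certificate validity and trust, HSTS, revocation checking) maps directly onto a per-category assessment. The following is an added example, not the scan rule's own code: it takes an already-observed HTTPS configuration (the `HttpsObservation` shape, the weak-cipher markers, the one-year HSTS threshold and the severity labels are all this example's assumptions) and emits findings in the same "category: message (SEVERITY)" form as the report in Other Info. The sample observation is constructed to resemble that report: TLS 1.3 with strong suites but an expired certificate.

```python
"""Minimal TLS risk assessment in the spirit of the HTTPS configuration
scan rule: evaluate an observed HTTPS configuration against the remediation
checklist and emit findings.  Constructed example, not ZAP's own code."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Set

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
# Substrings that mark a cipher suite as weak (broken primitives or no authentication);
# assumed list for this example
WEAK_CIPHER_MARKERS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "anon")
ONE_YEAR_SECONDS = 31536000
SEVERITY_RANK = {"INFO": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass
class HttpsObservation:
    """What a scanner has already learned about one HTTPS endpoint (assumed shape)."""
    server: str
    protocols: Set[str]            # protocol versions the server accepts
    cipher_suites: List[str]       # IANA suite names the server accepts
    not_before: datetime
    not_after: datetime
    self_signed: bool
    chain_trusted: bool            # chain validates to a trusted root
    hsts_header: Optional[str]     # raw Strict-Transport-Security value, or None
    ocsp_stapled: bool


@dataclass
class Finding:
    category: str
    severity: str
    message: str


def parse_hsts_max_age(header: str) -> Optional[int]:
    """Return the max-age directive of an HSTS header value, or None if absent."""
    m = re.search(r"max-age\s*=\s*\"?(\d+)", header, re.IGNORECASE)
    return int(m.group(1)) if m else None


def assess(obs: HttpsObservation, now: Optional[datetime] = None) -> List[Finding]:
    now = now or datetime.now(timezone.utc)
    findings: List[Finding] = []

    # Certificate & Chain: validity window and trust
    if now > obs.not_after:
        findings.append(Finding("Certificate & Chain", "CRITICAL", "Certificate expired"))
    elif now < obs.not_before:
        findings.append(Finding("Certificate & Chain", "CRITICAL", "Certificate not yet valid"))
    if obs.self_signed:
        findings.append(Finding("Certificate & Chain", "HIGH", "Self-signed certificate"))
    elif not obs.chain_trusted:
        findings.append(Finding("Certificate & Chain", "HIGH", "Chain does not validate to a trusted root"))

    # Protocols: anything below TLS 1.2 is flagged
    for proto in sorted(obs.protocols & WEAK_PROTOCOLS):
        findings.append(Finding("Protocols", "HIGH", f"Weak protocol enabled: {proto}"))

    # Cipher suites: weak primitives, then static-RSA key exchange (no forward secrecy)
    for suite in obs.cipher_suites:
        if any(marker in suite for marker in WEAK_CIPHER_MARKERS):
            findings.append(Finding("Cipher Suites", "HIGH", f"Weak cipher suite: {suite}"))
        elif suite.startswith("TLS_RSA_WITH_"):
            findings.append(Finding("Cipher Suites", "MEDIUM", f"No forward secrecy: {suite}"))

    # HSTS: header must be present with a max-age of at least one year
    if obs.hsts_header is None:
        findings.append(Finding("HSTS", "MEDIUM", "Strict-Transport-Security header not set"))
    else:
        max_age = parse_hsts_max_age(obs.hsts_header)
        if max_age is None or max_age < ONE_YEAR_SECONDS:
            findings.append(Finding("HSTS", "LOW", "HSTS max-age shorter than one year"))

    # Revocation: a stapled OCSP response lets clients check revocation without a live lookup
    if not obs.ocsp_stapled:
        findings.append(Finding("Revocation", "LOW", "OCSP stapling not enabled"))
    return findings


def worst_severity(findings: List[Finding]) -> str:
    return max((f.severity for f in findings), key=SEVERITY_RANK.get, default="NONE")


def format_report(obs: HttpsObservation, findings: List[Finding]) -> str:
    lines = [f"Server: {obs.server}", "Findings:"]
    lines += [f"  {f.category}: {f.message} ({f.severity})" for f in findings] or ["  none"]
    return "\n".join(lines)


# Constructed sample: TLS 1.3-only endpoint with strong suites but an expired certificate
SAMPLE = HttpsObservation(
    server="example.com",
    protocols={"TLSv1.3"},
    cipher_suites=["TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"],
    not_before=datetime(2023, 1, 1, tzinfo=timezone.utc),
    not_after=datetime(2024, 1, 1, tzinfo=timezone.utc),
    self_signed=False,
    chain_trusted=True,
    hsts_header="max-age=63072000; includeSubDomains",
    ocsp_stapled=True,
)
FIXED_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so the sample is reproducible

if __name__ == "__main__":
    print(format_report(SAMPLE, assess(SAMPLE, now=FIXED_NOW)))
```

Running the block prints a single "Certificate & Chain: Certificate expired (CRITICAL)" finding for the sample, which is the case the report in Other Info shows; passing an observation with legacy protocols or static-RSA suites produces the corresponding Protocols and Cipher Suites findings. The clock is injected (`now=`) rather than read inside `assess` so that expiry checks are testable and auditable.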

Other Info

The HTTPS configuration has one or more security issues identified by the TLS risk assessment.
Risk score: 45/100
Letter grade: F
Findings:
Certificate & Chain: Certificate expired - [SYS-0020100] Certificate expired (CRITICAL)

Full HTTPS configuration report:
Server: example.com
Server Certificate(s):
  Subject DN: CN=example.com
  Signing Algorithm: SHA256withRSA
  Certificate Fingerprint: AA:BB:CC:...
  Issuer DN: CN=example.com
  Not Valid Before:
  Not Valid After:
  Certificate Serial Number: 0
  Certificate Version: 3
  Self Signed Certificate: false
Cipher Suites Supported:
  TLS_AES_256_GCM_SHA384(STRONG,TLSv1.3)
  TLS_CHACHA20_POLY1305_SHA256(STRONG,TLSv1.3)

References

Code

org/zaproxy/zap/extension/httpsinfo/HttpsConfigScanRule.java