Self signed certificate
Plugin details
| Field | Value |
|---|---|
| Severity | Medium |
| ID | 10010 |
| Category | Authentication |
| CVSS score | 5.4 |
| CVSS link | https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Synopsis
The server can be accessed using unauthorized applications.
Description
The server trusts client applications with self-signed certificates. With this setting, application authentication is effectively disabled. Without application authentication, the server can be accessed using unauthorized applications.
Solution
Only trust certificates signed by a trusted authority.
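
The trust decision the solution calls for, sketched with the OpenSSL command line as an added example (not part of the plugin or of any product's code). The CA, the two application certificates and the function names are constructed for the demonstration; `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example: every key, certificate and name here is constructed for the demo.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CA="$WORK/ca.pem"; APP="$WORK/app.pem"; ROGUE="$WORK/rogue.pem"

# 1. The trusted authority the server is configured to accept.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
  -keyout "$WORK/ca.key" -out "$CA" 2>/dev/null

# 2. An authorized application: its certificate is signed by that authority.
openssl req -newkey rsa:2048 -nodes -subj "/CN=authorized-app" \
  -keyout "$WORK/app.key" -out "$WORK/app.csr" 2>/dev/null
openssl x509 -req -in "$WORK/app.csr" -CA "$CA" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 1 -out "$APP" 2>/dev/null

# 3. An unknown application that signed its own certificate.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=unknown-app" \
  -keyout "$WORK/rogue.key" -out "$ROGUE" 2>/dev/null

# True when the certificate chains to the given authority.
is_trusted() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# True when the certificate verifies against itself, i.e. it is self-signed.
is_self_signed() { openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; }

# Decision a server should make for a presented application certificate.
trust_decision() {
  if is_trusted "$CA" "$1"; then
    echo "accept"
  elif is_self_signed "$1"; then
    echo "reject:self-signed"
  else
    echo "reject:untrusted-issuer"
  fi
}

echo "authorized-app: $(trust_decision "$APP")"
echo "unknown-app:    $(trust_decision "$ROGUE")"
```

A server affected by this finding behaves as if the second call also returned "accept".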