TLS version is outdated
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | MEDIUM | Azure | NETWORK |
Description
The Transport Layer Security (TLS) is a protocol whose role is to secure the data transferred from and to the app.
Older, deprecated versions of TLS must not be used, as they rely on outdated cryptographic methods. This makes some exploits possible, such as BEAST (Browser Exploit Against SSL/TLS) or POODLE (Padding Oracle On Downgraded Legacy Encryption).
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
Attackers may intercept data by exploiting known vulnerabilities of these TLS versions.
Remediation guidelines
Deprecated TLS versions are disabled by default. Do not enable them unless it is absolutely necessary.