Configuration Management / Old Tls Version Enabled
Old TLS version enabled is a vulnerability in the Configuration Management of Web and API applications, as well as Infrastructure. It occurs when an outdated version of the Transport Layer Security (TLS) protocol is still enabled on a system, allowing an adversary to exploit the known weaknesses of that protocol version (CWE-918). According to the OWASP Testing Guide, an attacker exploiting this vulnerability can take advantage of the weak ciphers negotiated by old versions and perform man-in-the-middle attacks, exposing the system to data theft and session hijacking.
The risk assessment for this vulnerability is medium. If an attacker is able to exploit this vulnerability, they could gain access to sensitive data, compromise user accounts, and cause further damage to the system and its resources.
The solution to this vulnerability is to disable the outdated versions of TLS and enable only the latest, most secure versions (TLS 1.2 or higher). This is done by updating the system's TLS implementation to one that supports the current protocol versions and by configuring the system to offer only those versions.
The following code example shows how to enable TLS 1.2 on a web server:

    # enable TLS 1.2 (ssl_protocols directive; only the listed versions are offered)
    ssl_protocols TLSv1.2;
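As an added example that is not part of the original page, the following Python script audits ssl_protocols directives of the kind shown above for outdated versions and rewrites the offending lines to offer only TLS 1.2 and TLS 1.3; the sample configuration is constructed, and the names audit_ssl_protocols and harden are this example's own.

```python
# Audit web-server configuration text for ssl_protocols directives that still
# enable outdated TLS/SSL versions, then produce the hardened form.
# Policy follows the page's advice: anything below TLS 1.2 is outdated.
OUTDATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
RECOMMENDED = "ssl_protocols TLSv1.2 TLSv1.3;"

# Constructed sample: the first server block still offers TLS 1.0/1.1.
SAMPLE_CONFIG = """\
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # legacy clients
    # ssl_protocols TLSv1.2;               # commented out, not active
}
server {
    listen 8443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""


def audit_ssl_protocols(config_text: str) -> list:
    """Return (line_number, [outdated versions]) for every active
    ssl_protocols directive that enables an outdated protocol."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments, so commented-out lines are ignored
        if not line.startswith("ssl_protocols"):
            continue
        versions = line.rstrip(";").split()[1:]
        bad = [v for v in versions if v in OUTDATED]
        if bad:
            findings.append((lineno, bad))
    return findings


def harden(config_text: str) -> str:
    """Replace each flagged directive with RECOMMENDED, keeping indentation."""
    bad_lines = {lineno for lineno, _ in audit_ssl_protocols(config_text)}
    out = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        if lineno in bad_lines:
            indent = raw[: len(raw) - len(raw.lstrip())]
            out.append(indent + RECOMMENDED)
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, bad in audit_ssl_protocols(SAMPLE_CONFIG):
        print(f"line {lineno}: outdated protocols enabled: {', '.join(bad)}")
    print(harden(SAMPLE_CONFIG))
```

A server with no ssl_protocols directive at all falls back to the software's built-in default, which on older releases may still include TLS 1.0 and 1.1, so an explicit directive is preferable to relying on the default.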