The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user’s network traffic could bypass the application’s use of SSL/TLS encryption and use the application as a platform for attacks against its users.
CPE | Name | Operator | Version |
---|---|---|---|
engineer\\'s_toolset | eq | 2020.2.6 hotfix-4 |