problem-based-packs.insecure-transport.java-stdlib.tls-renegotiation.tls-renegotiation

Author: semgrep
Download count: 6,272

Checks for cases where Java applications allow unsafe TLS renegotiation. This leaves the application vulnerable to a man-in-the-middle attack in which attacker-chosen plaintext is injected as a prefix to a TLS connection.


Definition

rules:
  - id: tls-renegotiation
    message: Checks for cases where java applications are allowing unsafe
      renegotiation. This leaves the application vulnerable to a
      man-in-the-middle attack where chosen plain text is injected as prefix to
      a TLS connection.
    severity: WARNING
    metadata:
      likelihood: LOW
      impact: MEDIUM
      confidence: MEDIUM
      category: security
      cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
      owasp: A03:2017 - Sensitive Data Exposure
      references:
        - https://www.oracle.com/java/technologies/javase/tlsreadme.html
      subcategory:
        - vuln
      technology:
        - java
      vulnerability: Insecure Transport
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Mishandled Sensitive Information
    languages:
      - java
    pattern: >
      java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation",
      true);

Examples

tls-renegotiation.java

class Bad {
    public void bad1() {
        // ruleid: tls-renegotiation
        java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", true);
    }
}

class Ok {
    public void ok1() {
        // ok: tls-renegotiation
        java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", false);
    }
}
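The rule's pattern matches a bare boolean literal `true` as the second argument of System.setProperty. That is what the test file above uses, but System.setProperty takes two Strings, so code that compiles writes "true" instead, and the property can also be set outside the source entirely with a JVM -D flag on the command line. The following added example (written for this page, not part of the Semgrep rule or the registry) is a small Python scanner that covers those forms. The Java source and launcher script it scans are constructed samples; the property name is the one from the rule, and the case-insensitive comparison mirrors Boolean.parseBoolean, which accepts "TRUE" as well as "true".

```python
import re
from typing import List, Tuple

# Constructed sample Java source (not from the page): one case per line so the
# detector's classification of each form is visible.
SAMPLE_JAVA = """\
class Cfg {
    void a() { java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", true); }
    void b() { System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true"); }
    void c() { System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "false"); }
    void d() { System.setProperty( "sun.security.ssl.allowUnsafeRenegotiation" , "TRUE" ); }
    void e() { String v = System.getProperty("sun.security.ssl.allowUnsafeRenegotiation"); }
}
"""

# Constructed launcher script: the same property arriving as a JVM flag, which a
# source-only rule never sees.
SAMPLE_LAUNCHER = """\
#!/bin/sh
exec java -Dsun.security.ssl.allowUnsafeRenegotiation=true -jar app.jar
"""

PROPERTY = "sun.security.ssl.allowUnsafeRenegotiation"

# Matches System.setProperty(<property>, <value>) where <value> is either the bare
# boolean `true` (the form the Semgrep pattern matches) or any String literal.
SET_PROPERTY_RE = re.compile(
    r'(?:java\.lang\.)?System\.setProperty\s*\(\s*"' + re.escape(PROPERTY) + r'"\s*,\s*'
    r'(?P<value>true|"(?:[^"\\]|\\.)*")\s*\)'
)

# Matches -D<property>=<value> in a command line or launcher script.
JVM_FLAG_RE = re.compile(r'-D' + re.escape(PROPERTY) + r'=(?P<value>\S+)')


def _is_enabling(value: str) -> bool:
    """True when the literal turns unsafe renegotiation on.

    The bare boolean `true` would not compile (setProperty takes Strings) but is
    still flagged so the scanner agrees with the Semgrep pattern. String values
    are compared case-insensitively, as Boolean.parseBoolean does.
    """
    literal = value.strip('"')
    return literal.lower() == "true"


def scan_java(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, matched_text) for every call that enables unsafe renegotiation."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in SET_PROPERTY_RE.finditer(line):
            if _is_enabling(m.group("value")):
                findings.append((lineno, m.group(0)))
    return findings


def scan_launcher(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, flag_text) for every -D flag that enables unsafe renegotiation."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in JVM_FLAG_RE.finditer(line):
            if _is_enabling(m.group("value")):
                findings.append((lineno, m.group(0)))
    return findings


if __name__ == "__main__":
    for lineno, text in scan_java(SAMPLE_JAVA):
        print(f"java:{lineno}: {text}")
    for lineno, text in scan_launcher(SAMPLE_LAUNCHER):
        print(f"launcher:{lineno}: {text}")
```

Run against the constructed samples, scan_java reports lines 2, 3 and 5 (bare `true`, "true" and "TRUE") and stays silent on "false" and on the getProperty read, while scan_launcher reports the -D flag on line 2 of the script. In a real review both checks belong together: the Semgrep rule covers the source, and a launcher or container entrypoint grep covers the deployment side that source scanning cannot reach.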