Smtp InsecureSmtp
The Apache commons mail client by default does not enable TLS server identity. This allows for an adversary who is in between the application and the target host to intercept potentially sensitive information or transmit malicious data. Enable checking server identity by calling `Email.setSSLCheckServerIdentity(true)` Example email client that enables TLS an
greprules fetch gitlab-sast-java-smtp-rule-insecuresmtp --engine opengrepDescription
The Apache commons mail client by default does not enable TLS server identity. This allows for an adversary who is in between the application and the target host to intercept potentially sensitive information or transmit malicious data. Enable checking server identity by calling `Email.setSSLCheckServerIdentity(true)` Example email client that enables TLS an
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.