CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N

Severity
Low
CWE Name
Use of a Key Past its Expiration Date
CWE ID
CWE-324
CVSS Score
Compliance
OWASP TOP10 -> A2
ISO27001 -> A.8.9
TLS certificate about to expire

The TLS certificate presented by the application will expire soon. Once it does, web browsers and other TLS clients will consider it invalid and show an error to users of your application. Browsers may let users click through the warning (unless the site is protected by HSTS, in which case no bypass is offered), while non-browser clients and TLS libraries usually fail the connection outright, effectively blocking access to your application.

Serving an invalid certificate also raises the user's exposure to a Man-in-the-Middle attack. Users who learn to click through certificate warnings will do the same when the warning is caused by an attacker's certificate, because it is difficult for a user to distinguish between:

  • An expired, but legitimate, certificate sent from the server (OK)
  • An invalid certificate, sent from the attacker (not OK)

Once users are conditioned to accept the warning, an attacker can interpose with any invalid certificate, which greatly increases the likelihood of a successful MITM attack.

How to fix

  • Renew the certificate and deploy it on your server before the current certificate's expiration date, then verify that the server is actually presenting the new certificate (a renewed file that the web server or load balancer never reloaded is a common cause of expiry outages).

    You can confirm the expiration date of the certificate by looking at its Not After field. Check the intermediate certificates in the chain as well as the leaf, and consider automating renewal and alerting well ahead of the date so the check does not depend on someone remembering it.
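The following program is an added example and is not part of this page or of the scanner behind it. It performs the Not After check described above in Go: CheckExpiry compares a certificate's Not After with the current time and flags it as expired, or as expiring inside a warning window; CheckChain applies that to every certificate a server presents, because a lapsed intermediate breaks the chain as surely as a lapsed leaf; FetchChain retrieves the live chain from a host:port. Run with no arguments it checks a constructed self-signed certificate that expires in 10 days. The 30-day warning window, the example.test host in the usage comment and the constructed certificate are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"os"
	"time"
)

// ExpiryStatus is the outcome of checking a certificate's Not After field.
type ExpiryStatus struct {
	NotAfter time.Time
	DaysLeft int  // whole days until Not After; negative once expired
	Expired  bool // now is at or past Not After
	Expiring bool // still valid, but Not After falls inside the warning window
}

// CheckExpiry compares a parsed certificate's Not After against now.
func CheckExpiry(cert *x509.Certificate, now time.Time, warnDays int) ExpiryStatus {
	remaining := cert.NotAfter.Sub(now)
	return ExpiryStatus{
		NotAfter: cert.NotAfter,
		DaysLeft: int(remaining.Hours() / 24),
		Expired:  remaining <= 0,
		Expiring: remaining > 0 && remaining < time.Duration(warnDays)*24*time.Hour,
	}
}

// CheckChain reports on whichever certificate in the presented chain expires
// first: a lapsed intermediate breaks validation as surely as a lapsed leaf.
func CheckChain(certs []*x509.Certificate, now time.Time, warnDays int) (ExpiryStatus, error) {
	if len(certs) == 0 {
		return ExpiryStatus{}, fmt.Errorf("no certificates to check")
	}
	first := certs[0]
	for _, c := range certs[1:] {
		if c.NotAfter.Before(first.NotAfter) {
			first = c
		}
	}
	return CheckExpiry(first, now, warnDays), nil
}

// FetchChain returns the chain a live server presents for serverName. Verification is
// skipped on purpose so an already-expired certificate can still be read; nothing is
// sent over this connection, so it does not need to be trusted.
func FetchChain(addr, serverName string) ([]*x509.Certificate, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{ServerName: serverName, InsecureSkipVerify: true})
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	return conn.ConnectionState().PeerCertificates, nil
}

// SelfSignedCert builds and re-parses a throwaway self-signed certificate with the
// given validity window (constructed test data; the key is discarded).
func SelfSignedCert(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der) // round-trip so the encoded Not After is what gets checked
}

func main() {
	const warnDays = 30 // assumed alerting window
	now := time.Now()
	// Offline demo: a constructed certificate that expires in 10 days. With a host:port
	// argument (go run . example.test:443) the chain of that live server is checked instead.
	c, err := SelfSignedCert(now.Add(-time.Hour), now.Add(10*24*time.Hour))
	certs := []*x509.Certificate{c}
	if len(os.Args) > 1 {
		host, _, _ := net.SplitHostPort(os.Args[1])
		certs, err = FetchChain(os.Args[1], host)
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(2)
	}
	st, _ := CheckChain(certs, now, warnDays) // non-empty by construction
	fmt.Printf("Not After %s, %d days left\n", st.NotAfter.Format(time.RFC3339), st.DaysLeft)
	if st.Expired || st.Expiring {
		fmt.Println("ACTION REQUIRED: renew and deploy a new certificate before Not After")
		os.Exit(1)
	}
}
```

FetchChain disables verification only so that the chain of a server whose certificate has already lapsed can still be inspected; that is acceptable here because nothing is sent over the connection, and the setting must never be copied into application code. For a one-off check from a shell, openssl's x509 command prints the same field with -noout -enddate and exits non-zero with -checkend <seconds> when the certificate expires within that many seconds.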