diff --git a/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.qhelp b/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.qhelp index 5f7b4ec39ac..d76927c050e 100644 --- a/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.qhelp +++ b/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.qhelp @@ -13,14 +13,13 @@ An attack might look like this:

    -
  1. The vulnerable program connects to https://example.com. -
  2. The attacker intercepts this connection and presents a valid, self-signed certificate for https://example.com. -
  3. The vulnerable program calls the checkServerTrusted method to check whether it should trust the certificate. -
  4. The checkServerTrusted method of your TrustManager does not throw a CertificateException. -
  5. The vulnerable program accepts the certificate and proceeds with the connection since your TrustManager implicitly trusted it by not throwing an exception. -
  6. The attacker can now read the data your program sends to https://example.com and/or alter its replies while the program thinks the connection is secure. +
  7. The vulnerable program connects to https://example.com.
  8. +
  9. The attacker intercepts this connection and presents a valid, self-signed certificate for https://example.com.
  10. +
  11. The vulnerable program calls the checkServerTrusted method to check whether it should trust the certificate.
  12. +
  13. The checkServerTrusted method of your TrustManager does not throw a CertificateException.
  14. +
  15. The vulnerable program accepts the certificate and proceeds with the connection since your TrustManager implicitly trusted it by not throwing an exception.
  16. +
  17. The attacker can now read the data your program sends to https://example.com and/or alter its replies while the program thinks the connection is secure.
-
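Review bot: In step 2 of the re-added list, "a valid, self-signed certificate" is ambiguous, because "valid" can be read as "would pass chain validation", which is the opposite of the point being made. Since these items are being touched anyway, consider wording such as "a well-formed, self-signed certificate for https://example.com that does not chain to a trusted CA". Steps 4 to 6 also switch from "the vulnerable program" to "your TrustManager" and "your program"; picking one voice for the whole list would read better. The removed and added step text is otherwise identical and the hunk goes from 14 lines to 13, so this looks like a markup-only change, and the commit message should say so.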