Expected Findings
- `/login` and `/api/*` accept plaintext HTTP requests.
- TLS endpoint advertises TLS 1.0 / 1.1 and RC4 ciphers.
- Certificate expired and chain includes a weak SHA-1 intermediate.
Transport Audit
TLS Downgrade
Sensitive paths are reachable over plaintext HTTP, the TLS listener offers TLS 1.0 with RC4, and the certificate has expired.
CWE-319CWE-326
TLS posture
Primary Flows
- TLS audit Cipher and version exposure
- Plaintext login No HSTS, no upgrade
Signals
Server config
TLSv1 TLSv1.1 TLSv1.2 Ciphers: RC4-SHA, AES128-SHA