To Whom this may concern,
When accessing the site I'm getting an untrusted certificate error due to a name mismatch with the cert. I would highly suggest that this be addresses with a reissued cert and if you are going to do this I highly suggest moving to TLS 1.3.
Here is the Qualys Report:
https://www.ssllabs.com/ssltest/analyze.html?d=saddlehunter.com
Due to this passwords are being sent over a open network and not encrypted. Also Cross Site Scripting is not being blocked.
I would also highly suggest running the site against a pen-test tool when the changes have been made. The link is to a free online tester.
https://pentest-tools.com/website-vulnerability-scanning/web-server-scanner?run
@redsquirrel
When accessing the site I'm getting an untrusted certificate error due to a name mismatch with the cert. I would highly suggest that this be addresses with a reissued cert and if you are going to do this I highly suggest moving to TLS 1.3.
Here is the Qualys Report:
https://www.ssllabs.com/ssltest/analyze.html?d=saddlehunter.com
Due to this passwords are being sent over a open network and not encrypted. Also Cross Site Scripting is not being blocked.
I would also highly suggest running the site against a pen-test tool when the changes have been made. The link is to a free online tester.
https://pentest-tools.com/website-vulnerability-scanning/web-server-scanner?run
@redsquirrel
Last edited: