Missing SSL host check in SMTP
- Rule ID: java_lang_missing_smtp_ssl_host_check
- Languages: java
- Source: missing_smtp_ssl_host_check.yml
SSL certificates must be validated to check that the certificate is from the expected host and the server identity is correct. Without such checks in place, the application is at risk of redirection or spoofing attacks, where an attacker impersonates a trusted host by using a valid SSL certificate from a different host.
✅ Always configure the email client to check the server identity
import org.apache.commons.mail.Email;
import org.apache.commons.mail.SimpleEmail;

Email email = new SimpleEmail(); // Email is abstract in Commons Email; SimpleEmail is a concrete subclass
email.setSSLCheckServerIdentity(true); // verify the certificate's host name matches the configured SMTP host
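A fuller illustration of the setting this rule looks for, written as an added example for this page rather than code from the Bearer rule or its fixture. It uses Apache Commons Email (the library whose `setSSLCheckServerIdentity` method the rule targets), shows the flagged configuration next to the corrected one, and adds a small check that a unit test can call before a session is built. Host name, port and credentials are placeholders.

```java
// Added example, not part of the Bearer rule page. Requires Apache Commons Email
// on the classpath. Host, port, user and addresses are placeholder values.
import org.apache.commons.mail.Email;
import org.apache.commons.mail.EmailException;
import org.apache.commons.mail.SimpleEmail;

public class SmtpHostCheckExample {

    // Flagged configuration: STARTTLS is required, but the certificate's name is
    // never compared with the configured host. In Commons Email the identity
    // check is off by default, so leaving out setSSLCheckServerIdentity(true)
    // has the same effect as calling it with false: any valid certificate,
    // issued for any host, is accepted.
    static Email weakClient() {
        Email email = new SimpleEmail();
        email.setHostName("smtp.example.com");   // placeholder
        email.setSmtpPort(587);
        email.setStartTLSRequired(true);
        email.setSSLCheckServerIdentity(false);  // what the rule reports
        return email;
    }

    // Corrected configuration: the server must present a certificate whose
    // name matches smtp.example.com, so a connection redirected to another
    // host with a different (even valid) certificate fails the handshake.
    static Email hardenedClient() {
        Email email = new SimpleEmail();
        email.setHostName("smtp.example.com");   // placeholder
        email.setSmtpPort(587);
        email.setStartTLSRequired(true);
        email.setSSLCheckServerIdentity(true);
        return email;
    }

    // Guard that a unit test can assert on. The flag has to be set before the
    // mail session is created, because Commons Email copies it into the
    // JavaMail property mail.smtp.ssl.checkserveridentity at that point.
    static boolean checksServerIdentity(Email email) {
        return email.isSSLCheckServerIdentity();
    }

    public static void main(String[] args) throws EmailException {
        Email email = hardenedClient();
        email.setAuthentication("smtp-user", "smtp-password"); // placeholders
        email.setFrom("noreply@example.com");
        email.addTo("recipient@example.com");
        email.setSubject("Test");
        email.setMsg("Sent over STARTTLS with host name verification.");
        System.out.println("server identity check enabled: " + checksServerIdentity(email));
        email.send();
    }
}
```

`checksServerIdentity(weakClient())` returns `false` and `checksServerIdentity(hardenedClient())` returns `true`; wiring that assertion into the test suite catches the regression the scanner reports, even for code paths the scan does not cover.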
OWASP Top 10
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=java_lang_missing_smtp_ssl_host_check
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=java_lang_missing_smtp_ssl_host_check