Usage of insecure SMTP connection

• Rule ID: php_symfony_insecure_smtp
• Languages: php
• Source: insecure_smtp.yml

Description

An insecure SMTP connection can expose transmitted data to unauthorized access. This rule identifies if SMTP settings are configured to enforce secure connections.

Remediations

• Do enable SSL encryption in your SMTP configuration to secure the connection. This prevents unauthorized access to the data being transmitted.

  return static function (ContainerConfigurator $container): void {
    $container->extension('framework', [
      'mailer' => [
        'dsn' => "foo+smtp://wherever?verify_peer=true",
      ],
    ]);
  };

References

• OWASP insecure transport

Associated CWE

• CWE-319: Cleartext Transmission of Sensitive Information

OWASP Top 10

• A02:2021 - Cryptographic Failures

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=php_symfony_insecure_smtp

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=php_symfony_insecure_smtp