Usage of insecure SMTP connection

Rule ID: python_django_insecure_smtp
Languages: python
Source: insecure_smtp.yml

Description

An insecure SMTP connection can expose transmitted data to unauthorized access. This rule identifies if SMTP settings are configured to enforce secure connections.

Remediations

Do enable SSL encryption in your SMTP configuration to secure the connection. This prevents unauthorized access to the data being transmitted.
```
EMAIL_USE_TLS = True
```

References

OWASP insecure transport

Associated CWE

CWE-319: Cleartext Transmission of Sensitive Information

OWASP Top 10

A02:2021 - Cryptographic Failures

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=python_django_insecure_smtp

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=python_django_insecure_smtp