Communication with an unsecure SMTP connection detected.

Description

Secure connections using SMTP help prevent unauthorized actors from viewing transmitted data. This policy checks if SMTP mailer settings are set to only allow secure connections.

Remediations

✅ When using the SMTP protocol, make sure to enable SSL encryption in ActionMailer configuration:

config.action_mailer.smtp_settings = {
...
ssl: true
}

Resources

Associated CWE

OWASP Top 10