Inspectopedia Help

Insecure TLS/SSL trust manager

Insecure TLS/SSL trust manager

This check looks for X509TrustManager implementations whose checkServerTrusted or checkClientTrusted methods do nothing (thus trusting any certificate chain) which could result in insecure network traffic caused by trusting arbitrary TLS/SSL certificates presented by peers.

Issue id: TrustAllX509TrustManager

https://goo.gle/TrustAllX509TrustManager

Inspection Details

Available in:

IntelliJ IDEA 2023.3, Qodana for Android 2023.3, Qodana for JVM 2023.3

Plugin:

Android, 2022.3.1 Beta 2

Last modified: 13 July 2023
Insecure HostnameVerifier Insecure call to SSLCertificateSocketFactory.createSocket()