This increases the likelihood of vulnerabilities being exploited, such as outdated encryption protocols or weak ciphers, putting sensitive data at risk during transmission. Weak security policies may also result in non-compliance with industry standards and regulatory requirements.
An attacker intercepts network traffic between a client and a service running behind the ALB. With weak encryption enabled (e.g., SSL 3.0), the attacker can use known vulnerabilities in outdated protocols to decrypt sensitive information, such as authentication credentials or payment details. This can lead to data breaches or unauthorized access.
