Skip to main content

Missing Encryption of Sensitive Data


Severity Medium
Score 6.5/10


MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any data source. In versions prior to, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In the patched versions, certificates are validated by default, which is the desired behavior.

  • LOW
  • NONE
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-311 - Missing Encryption of Sensitive Data

The software does not encrypt sensitive or critical information before storage or transmission.

Advisory Timeline

  • Published