A penetration tester discovers that a web application is using outdated SSL/TLS protocols (TLS 1.

Outdated encryption protocols such as SSL 3.0 and TLS 1.0 contain numerous cryptographic weaknesses, making them susceptible to downgrade attacks, cipher-suite vulnerabilities, and interception. CEH explains that weak SSL/TLS configurations expose encrypted traffic to man-in-the-middle attacks because attackers can exploit vulnerabilities such as BEAST, POODLE, or weak ciphers to decrypt or manipulate data in transit. These flaws compromise confidentiality and integrity, allowing attackers to observe login credentials, session identifiers, or sensitive information. XSS and SQL injection exploit entirely different web vulnerabilities unrelated to encryption strength. Brute-forcing SSL handshakes is computationally infeasible and not relevant. Therefore, a MitM attack targeting the outdated protocol is the most effective exploitation method.