A recent survey by AppViewZ found that certificates in use on the internet are exposed to vulnerabilities. According to the survey, nearly 80% of Transport Layer Security (TLS) certificates on the internet are vulnerable to man-in-the-middle (MiM) attacks, while as many as 25% of all certificates are expired at any given time.

Survey highlights include:

  • 21% of servers on the internet utilize TLS 1.3, meaning 79% of SSL certificates in use today are still subject to MiM attacks.
  • Up to 25% of certificates on the internet pose a security threat because they are expired (10%) or self-signed (15%); neither is considered secure for publicly accessible websites or services.
  • 45% of IP addresses exposed to the top 10 vulnerabilities also had expired certificates (22%) or self-signed certificates (23%).
  • The Generic Top-Level Domains (gTLDs) with the most expired certificates are:
    • .org (15%)
    • .com (12%)
    • .mil (11%)