🔥 HIGH: SSL Context Security Bypass

[parmarmanojkumar]

🔥 HIGH SECURITY VULNERABILITY

File: service/service.py - Lines 166-168

Issue

SSL certificate validation disabled in SSL context:

ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE

Impact

• HTTPS requests vulnerable to interception
• Man-in-the-middle attacks possible
• TLS security completely bypassed

Fix

Remove dangerous SSL bypass lines and use secure defaults.

Priority: High - Fix before production deployment.

[InfosysResponsibleAI]

Thank you for sharing the issues and recommendation. We are analyzing the pull request at our end and will revert back to you as early as possible.