Without SSL pinning enforced, an attacker could man-in-the-middle the connection between the mobile applications and back-end web services.

SSL Null Ciphers Support Enabled

It gets worse.

Null Ciphers do not perform any encryption.

That is, a null cipher simply copies the input stream to the output stream without any changes.

SSLv2 is vulnerable to several specific attacks which require sniffing and man-in-the-middling.

In addition, SSLv2 utilizes MAC post-encryption and 40-bit MACs, both of which are considered design weaknesses.
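As an added example (not code from the article or from any of the applications it discusses), the following Python sketch shows what the missing client-side controls look like together: a TLS context that refuses legacy protocols and null or anonymous cipher suites, and a pin check on the server certificate. The function names and sample bytes are constructed for illustration, and it assumes the pin is the SHA-256 fingerprint of the leaf certificate; production apps commonly pin the public key instead.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed placeholder bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = b"constructed-sample-certificate-bytes"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()


def hardened_context() -> ssl.SSLContext:
    """Client context that verifies chain and hostname and refuses
    legacy protocols and null/anonymous cipher suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # rules out SSLv2/SSLv3/TLS 1.0/1.1
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL")
    return ctx


def null_ciphers(ctx: ssl.SSLContext) -> list:
    """Names of enabled suites that provide no encryption (should be empty)."""
    return [c["name"] for c in ctx.get_ciphers() if "NULL" in c["name"]]


def pin_matches(der_cert: bytes, pinned_sha256_hex: str) -> bool:
    """Compare the certificate's SHA-256 fingerprint to the pin in constant time."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex.lower())


def connect_pinned(host: str, pinned_sha256_hex: str, port: int = 443) -> str:
    """Open a TLS connection and abort unless the leaf certificate matches the pin.
    Returns the negotiated protocol version on success."""
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if der is None or not pin_matches(der, pinned_sha256_hex):
                raise ssl.SSLError("certificate does not match pinned fingerprint")
            return tls.version()
```

The pin check runs after normal chain and hostname validation, so a certificate that is valid but not the expected one is still rejected.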

source: www.techworm.net