MongoDB Driver performs insecure hostname verification. The use of client-side encryption leads to an insecure host name verification in KMS server’s certificate, allowing a MITM with a privileged network position to intercept the traffic between the Java driver and the KMS service rendering.