Unencrypted Connection

Description

During the scan, Kayran was able to establish an unencrypted connection to the site. An attacker can intercept and modify data sent to and received from this site.

Business Impact

To exploit this vulnerability, the attacker must be positioned to eavesdrop on the victim’s network traffic.

This situation commonly arises when a client communicates with the server over an insecure connection such as public Wi-Fi, a corporate network, etc.

Recommendation

The application should use transport-level encryption (SSL/TLS) to protect the communications between the client and the server.
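
One way to verify the recommendation after a fix is to classify the responses a site gives over each scheme. The following is an added example, not Kayran's code: the function name `audit_response`, the host `shop.example` and the sample observations are all constructed for illustration. It goes slightly beyond the text above by also flagging cookies that could still travel over an unencrypted connection.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def audit_response(url, status, headers):
    """Return transport-encryption findings for one observed response.

    url     -- the URL that was requested
    status  -- HTTP status code of the response
    headers -- list of (name, value) pairs, so repeated Set-Cookie survives
    """
    findings = []
    cleartext = urlsplit(url).scheme == "http"
    hdrs = [(n.lower(), v) for n, v in headers]

    if cleartext:
        location = next((v for n, v in hdrs if n == "location"), None)
        if status in REDIRECTS and location:
            # Relative Location values resolve against the request URL.
            target = urlsplit(urljoin(url, location))
            if target.scheme != "https":
                findings.append("redirect stays on cleartext HTTP")
        else:
            findings.append("content served over cleartext HTTP")

    for name, value in hdrs:
        if name != "set-cookie":
            continue
        cookie = value.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in value.split(";")[1:]]
        if cleartext:
            findings.append(f"cookie {cookie!r} set over cleartext HTTP")
        elif "secure" not in attrs:
            findings.append(f"cookie {cookie!r} lacks Secure attribute")
    return findings

# Constructed sample observations (hypothetical host), not scanner output.
SAMPLES = [
    ("http://shop.example/login", 200, [("Set-Cookie", "sid=abc; HttpOnly")]),
    ("http://shop.example/", 301, [("Location", "https://shop.example/")]),
    ("http://shop.example/old", 302, [("Location", "/new")]),
    ("https://shop.example/login", 200, [("Set-Cookie", "sid=abc; Secure; HttpOnly")]),
    ("https://shop.example/cart", 200, [("Set-Cookie", "cart=1; Path=/")]),
]

if __name__ == "__main__":
    for url, status, headers in SAMPLES:
        print(url, status, audit_response(url, status, headers) or "ok")
```

An empty result means the response was either served over HTTPS with Secure cookies or was a redirect from HTTP to HTTPS that set no cookies.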

Reference

https://cwe.mitre.org/data/definitions/326.html
