Unencrypted Connection

Description

During the scan, Kayran detected that the application communicates over an unencrypted connection: the scanner was able to open a plaintext (non-TLS) connection to the application and exchange HTTP traffic with it.

Without encryption in place, data transmitted between the client and server remains in plaintext, making it susceptible to interception, eavesdropping, or man-in-the-middle attacks by malicious actors.

Communicating over an unencrypted connection presents a grave security and privacy risk.
Sensitive data, including login credentials, personal information, or business-critical data, can be intercepted, viewed, or even modified in transit.
This could result in unauthorized access, data breaches, and data tampering.

The exposure is not limited to hostile networks such as public Wi-Fi: plaintext traffic can be read or altered by anyone positioned on the path between the client and the server, whether on a corporate network, at an ISP, or at any intermediate hop.

Recommendation

Adopt encrypted communication for all data transmissions.
Implement transport-level encryption (TLS) by obtaining a certificate from a trusted Certificate Authority (CA) and configuring the server to use it, so that traffic between the client and the server is both encrypted and served by an authenticated endpoint. The plaintext HTTP listener should not serve application content at all: it should only redirect to the HTTPS equivalent of the requested URL, and the HTTPS responses should carry an HTTP Strict Transport Security (HSTS) header so that browsers stop attempting plaintext connections.

Renew certificates before they expire and keep the TLS configuration aligned with current best practice (TLS 1.2 or later, modern cipher suites, no legacy protocol versions) so the deployment keeps pace with cryptographic standards.
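The following is an added example, not Kayran's scanner code. It reproduces the check behind this finding (open a raw socket and see whether the port answers HTTP in the clear), classifies the plaintext response so that an endpoint serving content over HTTP can be told apart from one that only redirects to https://, and builds a TLS 1.2+ server context for the remediated listener. The demo servers, port choice, handler names and sample HTML are assumptions made for the demonstration; it runs against 127.0.0.1 so it needs no network access.

```python
"""Added example (not Kayran's scanner code): probe a port for cleartext HTTP,
judge the response, and build a TLS 1.2+ server context for the fix.
The demo uses throwaway servers on 127.0.0.1, so it runs without network access."""
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional


def probe_plaintext(host: str, port: int = 80, timeout: float = 3.0) -> Optional[bytes]:
    """Return the raw HTTP response if the port answers in the clear, else None.
    A TLS-only port sends a TLS alert or just closes, so the reply never starts
    with b"HTTP/"; a refused/filtered port raises OSError (socket.timeout included)."""
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    chunks = []
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            while sum(len(c) for c in chunks) < 65536:  # cap what we read
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
    except OSError:
        return None
    raw = b"".join(chunks)
    return raw if raw.startswith(b"HTTP/") else None


def assess_response(raw: bytes) -> dict:
    """Classify a cleartext response: a remediated port 80 still answers, but only
    with a redirect to the https:// URL and an empty body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    redirects = status in (301, 302, 307, 308) and headers.get("location", "").lower().startswith("https://")
    return {
        "status": status,
        "redirects_to_https": redirects,
        "serves_content_in_clear": status is not None and not redirects and len(body) > 0,  # the finding
        "has_hsts": "strict-transport-security" in headers,  # browsers honour HSTS only over HTTPS
    }


def baseline_server_context() -> ssl.SSLContext:
    """Server-side context for the fixed listener: TLS 1.2 or later, no TLS compression."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    # ctx.load_cert_chain("server.pem", "server.key")  # CA-issued certificate + private key (assumed paths)
    return ctx


def context_meets_baseline(ctx: ssl.SSLContext) -> bool:
    return ctx.minimum_version >= ssl.TLSVersion.TLSv1_2 and bool(ctx.options & ssl.OP_NO_COMPRESSION)


class VulnerableHandler(BaseHTTPRequestHandler):
    """Serves a login form in the clear: exactly what the scanner flags."""
    def log_message(self, *args):  # keep demo output quiet
        pass

    def do_GET(self):
        body = b"<form method=post><input name=password></form>"  # constructed sample page
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


class RedirectHandler(VulnerableHandler):
    """Remediated port 80: nothing but a redirect to the HTTPS origin."""
    def do_GET(self):
        host = self.headers.get("Host", "localhost").split(":")[0]
        self.send_response(301)
        self.send_header("Location", f"https://{host}{self.path}")
        self.send_header("Content-Length", "0")
        self.end_headers()


def run_demo() -> dict:
    """Start both servers on ephemeral ports, probe them, return the assessments."""
    results = {}
    for name, handler in (("vulnerable", VulnerableHandler), ("remediated", RedirectHandler)):
        server = HTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        raw = probe_plaintext("127.0.0.1", server.server_address[1])
        results[name] = assess_response(raw) if raw else {"plaintext_http": False}
        server.shutdown()
    return results


if __name__ == "__main__":
    print(run_demo())
```

Running the script prints one assessment per server: the vulnerable one reports `serves_content_in_clear: True`, the remediated one reports a 301 with `redirects_to_https: True`. Note that the HSTS check on the plaintext response is informational only; browsers ignore the header unless it arrives over HTTPS, so the header belongs on the TLS listener, and the plaintext listener's only job is the redirect.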

References

CWE-310: Cryptographic Issues
https://cwe.mitre.org/data/definitions/310.html

CWE-319: Cleartext Transmission of Sensitive Information
https://cwe.mitre.org/data/definitions/319.html

CWE-326: Inadequate Encryption Strength
https://cwe.mitre.org/data/definitions/326.html
