Unencrypted Connection

Description

During the scan, Kayran detected one or more unencrypted connections: it was able to establish a connection to the site without transport encryption. An attacker can intercept and modify data sent to and received from this site.

To exploit this vulnerability, an attacker eavesdrops on the victim’s network traffic and data transfers.
This commonly occurs when a client communicates with the server over an insecure connection, such as public Wi-Fi or a corporate network.

Recommendation

The application should use transport-level encryption (SSL/TLS) to protect communications between the client and the server.
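One way to verify the recommendation from the defender's side is to classify what a server returns to a plain HTTP request. This is an added example, not Kayran's code; the sample responses are constructed and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample responses to "GET / HTTP/1.1" sent over port 80 (no TLS).
SAMPLES = {
    "cleartext": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<form action='/login'>",
    "upgrade": b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://shop.example/\r\n\r\n",
    "http_redirect": b"HTTP/1.1 302 Found\r\nLocation: http://shop.example/home\r\n\r\n",
    "relative_redirect": b"HTTP/1.1 302 Found\r\nLocation: /home\r\n\r\n",
}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_response(raw):
    """Return (status_code, headers) from a raw HTTP/1.x response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    try:
        status = int(lines[0].split(" ", 2)[1])
    except (IndexError, ValueError):
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def classify(raw):
    """Decide whether a cleartext request was upgraded to HTTPS."""
    status, headers = parse_response(raw)
    if status in REDIRECT_CODES:
        # A relative Location has no scheme, so the client stays on http://.
        scheme = urlsplit(headers.get("location", "")).scheme.lower()
        if scheme == "https":
            return "ok: redirects to HTTPS"
        return "finding: redirect stays on cleartext HTTP"
    return "finding: content served over cleartext HTTP"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
```

Even when the redirect is in place, the first request still travels unencrypted, so it should carry no credentials or session data.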

References

https://cwe.mitre.org/data/definitions/310.html

https://cwe.mitre.org/data/definitions/319.html

https://cwe.mitre.org/data/definitions/326.html
