017 – Sensitive information sent insecurely

Description

The system sends sensitive information through a channel or method which does not guarantee its confidentiality or integrity.

Impact

Compromise sensitive information traveling in a insecure channel

Recommendation

Guarantee that credentials be sent through a more secure channel, such as session variables or using HTTP POST method.

Threat

Anonymous attacker from adjacent network.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 032 - Avoid session ID leakages
• 181 - Transmit data using secure protocols

Fixes

• Csharp
• Dart
• Elixir
• Go
• Java
• Php
• Python
• Ruby
• Scala
• Swift
• Typescript

Last updated

2024/02/07