Use of an insecure channel
Description
The system transmits information through a channel without encryption.
Impact
Capture confidential information and credentials in plain text.
Recommendation
Deploy the application over an encrypted communication channel, for instance, HTTPS with TLS.
Threat
Anonymous attacker on adjacent network performing a man-in-the-middle.
Expected Remediation Time
⏱️ 15 minutes.
Requirements
181 - Transmit data using secure protocolsScore
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
A
Attack complexity
L
Attack requirements
N
Privileges required
N
User interaction
A
Confidentiality (VC)
L
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
P
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P