022 Use of an insecure channel


Description

The system transmits information through a channel without encryption.


Impact

An attacker can capture confidential information and credentials transmitted in plain text.


Recommendation

Deploy the application over an encrypted communication channel, for instance, HTTPS with TLS.
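
One way to look for this finding in configuration files, as an added example (not part of the original page or of any tool it describes): the scan below flags endpoints that use a cleartext scheme and suggests the encrypted counterpart. It goes beyond HTTP to other common cleartext protocols; the scheme mapping, the exemption lists and the sample configuration are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed mapping: cleartext scheme -> encrypted counterpart to migrate to.
CLEARTEXT = {"http": "https", "ws": "wss", "ftp": "ftps/sftp", "ldap": "ldaps",
             "telnet": "ssh", "smtp": "smtps", "mqtt": "mqtts", "amqp": "amqps"}
# Loopback traffic never reaches an adjacent network, so it is not reported.
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# http:// URIs used as identifiers (XML namespaces, schemas), not as endpoints.
IDENTIFIER_HOSTS = {"www.w3.org", "schemas.xmlsoap.org", "json-schema.org"}

URL_RE = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s\"'<>]+", re.IGNORECASE)

def find_cleartext_endpoints(text):
    """Return (line_no, url, suggested_scheme) for each cleartext endpoint."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            url = match.group(0).rstrip(".,;)")
            try:
                parts = urlsplit(url)
                host = (parts.hostname or "").lower()
            except ValueError:  # malformed authority, e.g. a broken IPv6 literal
                continue
            scheme = parts.scheme.lower()
            if scheme not in CLEARTEXT:
                continue
            if host in LOOPBACK or host in IDENTIFIER_HOSTS:
                continue
            findings.append((line_no, url, CLEARTEXT[scheme]))
    return findings

# Constructed sample configuration (hypothetical hosts).
SAMPLE = """\
api_base: http://api.example.internal/v1
auth_url: https://login.example.internal/oauth
health: http://127.0.0.1:8080/healthz
xmlns: "http://www.w3.org/2001/XMLSchema"
directory: ldap://dc01.example.internal:389
events: ws://push.example.internal/stream
"""

if __name__ == "__main__":
    for line_no, url, fix in find_cleartext_endpoints(SAMPLE):
        print(f"line {line_no}: {url} -> use {fix}")
```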


Threat

Anonymous attacker on adjacent network performing a man-in-the-middle.


Expected Remediation Time

15 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: A
  • Attack complexity: L
  • Attack Requirements: N
  • Privileges required: N
  • User interaction: A
  • Confidentiality (VC): L
  • Integrity (VI): N
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: P

Requirements


Fixes


Last updated

2024/02/07