Description

Customer information is transmitted over a channel that does not use encryption, so credentials and confidential information can be captured in plain text.

Impact

Capture user credentials after a MitM attack.

Recommendation

Deploy the application over an encrypted communication channel, such as SFTP.

Threat

Anonymous attacker from adjacent network.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes