Use of an insecure channel - FTP
Description
Customer information is transmitted over a channel that does not use encryption, so credentials and confidential information can be captured in plain text.
Impact
Capture user credentials after a MitM attack.
Recommendation
Deploy the application over an encrypted communication channel, such as SFTP.
Threat
Anonymous attacker from adjacent network.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
181 - Transmit data using secure protocolsRules
C Sharp Plaintext Ftp No TlsGo Unencrypted Ftp ConnectionTerraform Ftp Deployments EnabledJava Insecure Ftp Session FactoryGo Disabled Ignore Host KeysRuby Ftp Unencrypted ConnectionDart Ftp Unencrypted ConnectionGo Insecure Tls Skip VerificationJava Unencrypted Ftp ConnectionPython Unencrypted Ftp ConnectionJava Insecure Ftp Connection Used