281 – Use of an insecure channel - Cloud Infrastructure
Description
Insecure communications medium and channels require application data protection in transit.
Impact
- Authenticate and compromise communications channels between the client and the server. - Compromise sensitive information that travels in plain text.
Recommendation
- Enable secure cipher suites and encryption protocols. - Encryption and data integrity authentication are important for protecting the communications channel. - It is equally important to authenticate the identity of the remote end of the connection.
Threat
Anonymous attacker from adjacent network performing a MitM attack
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: A
- Attack complexity: H
- Attack Requirements: N
- Privileges required: N
- User interaction: A
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: P