Description

Customer information is transmitted over a channel that does not use encryption.

Impact

- Capture sensitive information and credentials in plain text. - Intercept communication and steal or forge requests and responses.

Recommendation

Deploy the application over an encrypted communication channel, e.g. HTTPS using TLS.

Threat

Anonymous attacker in adjacent network executing a man-in-the-middle attack.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes