Use of insecure channel - Source code | Fluid Attacks Database

Database

Description

Customer information is transmitted over a channel that does not use encryption.

Impact

- Capture sensitive information and credentials in plain text. - Intercept communication and steal or forge requests and responses.

Recommendation

Deploy the application over an encrypted communication channel, e.g. HTTPS using TLS.

Threat

Anonymous attacker in adjacent network executing a man-in-the-middle attack.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

181 - Transmit data using secure protocols

Rules

Ruby Insecure Openuri Http Request Java Datasource Encryption Disabled Docker Jmxremote Ssl Disabled In Env Kotlin Cleartext Connection Spec Dart Socket Insecure Tcp Use Java Unencrypted Socket Connection C Sharp Oauth Allow Insecure Http True Java Http Url In Properties Terraform Insecure Http Port Json Yaml Insecure Http Port Json Yaml Insecure Tcp Protocol Usage Terraform Tcp Ingress On Http Port Json Yaml Gateway Server Uses Http Json Yaml Ssl Disabled In Config Java Unsafe Tls Renegotiation Enabled Java Jdbc Url Ssl Disabled

Fixes

Cloudformation Csharp Dart Go Java JavaScript/TypeScript Php Python Scala Swift