Use of an insecure channel - HTTP
Description
Client information is transmitted over port 80 or HTTP, a channel that does not use encryption, so credentials and confidential information can be captured in plain text.
Impact
Compromise sensitive information that travels in plain text.
Recommendation
Deploy the application over the HTTPS secure channel using TLS.
Threat
Anonymous attacker on adjacent network running a MitM.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
181 - Transmit data using secure protocolsRules
Aws Traffic Allows HttpAws Domain Allows HttpAws Serves Content Over HttpAws Http Not Redirected To HttpsAws Viewer Policy Allows HttpAws Listeners Not Using HttpsHttp Serves Content Over HttpHttp Insecure Form Action To HttpHttp Mixed ContentTerraform Insecure Http ProtocolRuby Unencrypted Http RequestScala Cleartext Sensitive InformationTerraform Lb Protocol Set To HttpDart Http Cleartext Sensitive InformationJava Resttemplate Insecure Http RequestJson Http Server Serves Insecure HttpJava Webview Load Http UrlPython Httpx Cleartext Sensitive InformationDart Io Cleartext Sensitive InformationJava Insecure Http UrlJava Insecure Http ConnectionDocker Downgrade Protocol To HttpGo Cleartext Sensitive InformationTerraform Https Traffic Only DisabledDart Dio Cleartext Sensitive InformationPython Requests Cleartext Sensitive InformationJava Http Used Instead Of HttpsSwift Insecure Tcp ConnectionJson Yaml Listener On HttpTerraform Http Server Serves Insecure HttpJson Yaml Targetgroup Uses HttpTerraform Https Only Disabled Or MissingPython Urllib3 Cleartext Sensitive InformationRuby Insecure Http RequestsSwift Insecure Http RequestPython Aiohttp Cleartext Sensitive InformationJson Yaml Insecure Viewer Protocol Policy