Plain HTTP is used
| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| HIGH | HIGH | AWS, Azure | NETWORK |
Description
Plain HTTP should not be used, it is unencrypted. HTTPS should be used instead.
Impact
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| True | False | True | False |
Data is transmitted unencrypted, an eavesdropper has access to every request and response. An intruder can gain access to more systems by listening to unencrypted authentication requests. It also facilitates man-in-the-middle attacks.
Remediation guidelines
Identify and apply the policy for the concerned resource which enforces HTTPS only
References
Was this page helpful?
