Threat Class: Information Leakage
Reason: The test response is very similar to the original response. This indicates that the resource was successfully accessed using HTTP instead of HTTPS.
Technical Description: During the application test, it was detected that the site uses an encrypted connection to protect sensitive information.
However, it was possible to receive these resources using HTTP, which means that sensitive information may be sent unencrypted to the server and/or back to the user.
Any information sent to the server as clear text may be stolen and used later for identity theft or user impersonation.
In addition, several privacy regulations state that sensitive information such as user credentials will always be sent encrypted to the web site.
It is recommended to enforce the use of an encrypted connection (e.g. SSL), and not allow access to sensitive information using unencrypted HTTP.
Risk: It may be possible to steal sensitive data such as credit card numbers, social security numbers etc. that are sent unencrypted.
Mitigation: Make sure that sensitive information such as:
is always sent encrypted to the server.
https://preprod.armorcode.ai/#/findings/3505729