TF 0163 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
CloudFront distribution allows unencrypted (HTTP) communications.
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | cloudfront |
| Provider | AWS |
| Vulnerability Type | misconfiguration |
Description
The CloudFront distribution is configured to allow unencrypted HTTP connections, exposing data in transit to anyone monitoring the network. Secure HTTPS is not enforced, leaving communications vulnerable to interception.
Impact
Allowing unencrypted HTTP traffic enables attackers to eavesdrop on sensitive information exchanged between users and CloudFront, such as authentication credentials or personal data. This can lead to data breaches, session hijacking, and non-compliance with security standards.
Resolution
Only allow HTTPS for CloudFront distribution communication.
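The Terraform configuration below shows the weak viewer setting beside the corrected one. It is an added example, not code from this wiki entry or the Symbiotic project; the resource name, origin ID, origin domain and path pattern are placeholders.

```hcl
resource "aws_cloudfront_distribution" "example" {
  enabled = true

  origin {
    domain_name = "example-bucket.s3.amazonaws.com" # placeholder origin
    origin_id   = "exampleOrigin"                   # placeholder ID
  }

  default_cache_behavior {
    target_origin_id = "exampleOrigin"
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]

    # Weak setting: "allow-all" serves viewers over plain HTTP as well as HTTPS.
    # viewer_protocol_policy = "allow-all"

    # Corrected: HTTP requests are redirected to HTTPS.
    # "https-only" is the stricter alternative and refuses HTTP requests outright.
    viewer_protocol_policy = "redirect-to-https"

    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }
  }

  # Each ordered_cache_behavior has its own viewer_protocol_policy, so a single
  # "allow-all" on one path pattern still exposes that path over HTTP.
  ordered_cache_behavior {
    path_pattern           = "/static/*" # placeholder pattern
    target_origin_id       = "exampleOrigin"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    viewer_protocol_policy = "https-only"

    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}
```

When reviewing an existing distribution, check `viewer_protocol_policy` in the default cache behavior and in every ordered cache behavior, since the setting is evaluated per behavior.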