TF 0207 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of plain HTTP.
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| Service | network |
| Provider | Nifcloud |
| Vulnerability Type | misconfiguration |
Description
The configuration allows network traffic over plain HTTP, which transmits data without encryption. This exposes sensitive information to anyone able to intercept the network traffic.
Impact
Attackers can eavesdrop on unencrypted HTTP traffic, potentially capturing credentials, session tokens, or other confidential data in transit. This can lead to data breaches, credential theft, and compromise of user or organizational information.
Resolution
Switch to HTTPS to benefit from TLS security features