Use of an insecure channel
Description
The system transmits information through a channel without encryption.
Impact
Capture confidential information and credentials in plain text.
Recommendation
Deploy the application over an encrypted communication channel, for instance, HTTPS with TLS.
Threat
Anonymous attacker on adjacent network performing a man-in-the-middle.
Expected Remediation Time
⌚ 15 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the src.
Base
- Attack vector: A
- Attack complexity: L
- Privileges required: N
- User interaction: R
- Scope: U
- Confidentiality: L
- Integrity: N
- Availability: N
Temporal
- Exploit code maturity: P
- Remediation level: O
- Report confidence: C
Result
- Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
- Score:
- Severity:
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: A
- Attack complexity: L
- Attack Requirements: N
- Privileges required: N
- User interaction: A
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
Result 4.0
- Vector string: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
- Score:
- Severity:
Requirements
Fixes
Free trial