Sensitive Data over HTTP
- CAPEC 65
- CWE 319
- WASC 4
- PCI 3.2-6.5.4
- OWASP 2017-A3
Sensitive data (e.g. passwords, credit cards) is being transmitted over HTTP. Because HTTP is unencrypted, an attacker who can intercept network traffic can read and steal the data.
Remediation
All sensitive data should be transmitted over HTTPS instead of HTTP.
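One way to check for this finding in a test or CI job, added here as an example and not part of the original entry: it flags HTML forms whose sensitive-looking fields would be submitted to an `http://` URL. The field-name hints, the `audit` helper and the `example.test` URLs are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed heuristics for "sensitive" field names; tune for your application.
SENSITIVE_HINTS = ("pass", "pwd", "card", "cvv", "ssn")

class FormAudit(HTMLParser):
    """Collect forms that submit sensitive-looking fields to an http:// URL."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []   # list of (target_url, [field names])
        self._form = None    # state for the form currently open

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            target = urljoin(self.page_url, a.get("action") or "")
            self._form = {"target": target, "fields": []}
        elif tag == "input" and self._form is not None:
            name = (a.get("name") or "").lower()
            itype = (a.get("type") or "text").lower()
            auto = (a.get("autocomplete") or "").lower()
            if (itype == "password" or auto.startswith("cc-")
                    or any(h in name for h in SENSITIVE_HINTS)):
                self._form["fields"].append(name or itype)

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            f, self._form = self._form, None
            # Report only when sensitive fields would travel in cleartext.
            if f["fields"] and urlsplit(f["target"]).scheme == "http":
                self.findings.append((f["target"], f["fields"]))

def audit(page_url, html):
    """Return the forms in `html` (served at `page_url`) that need HTTPS."""
    parser = FormAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: a login form, a payment form, a search form.
SAMPLE = """
<form action="/login" method="post"><input name="user"><input type="password" name="pw"></form>
<form action="https://pay.example.test/charge"><input name="card_number" autocomplete="cc-number"></form>
<form action="/search"><input name="q"></form>
"""

if __name__ == "__main__":
    print(audit("http://shop.example.test/account", SAMPLE))
```

Relative form actions inherit the scheme of the page that serves them, so the same markup passes when the page itself is served over HTTPS.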