Insufficient Encryption
This is the most common finding in penetration tests. Plain HTTP running on any web service should be ranked as High because of how easy a MITM attack is for an adversary on the same network. Weaker encryption algorithms are ranked Low-Moderate because an adversary would need both a MITM position and advanced tools to decrypt traffic or get hold of a session key.