Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The App Service is configured to accept both HTTP and HTTPS connections, rather than enforcing HTTPS only. This allows unencrypted (HTTP) traffic, exposing sensitive data to interception.
Impact#
If exploited, attackers could intercept or tamper with data transmitted over insecure HTTP connections, potentially stealing credentials or other sensitive information. This undermines data confidentiality and may lead to compliance violations or user trust issues.