Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The web app is not configured to enforce HTTPS, allowing users to access it over unencrypted HTTP. This can expose sensitive data in transit to interception or tampering.
Impact#
If exploited, attackers could intercept or modify data sent between users and the app, potentially stealing credentials, session tokens, or other confidential information. This puts user privacy and application security at risk, and may violate compliance requirements.