Channel Accessible by Non-Endpoint
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-300: Channel Accessible by Non-Endpoint |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | High |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The gRPC server is being started without SSL/TLS credentials, which means connections to it are not encrypted. This allows clients to connect over an insecure channel, making sensitive data visible in transit.
Impact
Without encryption, attackers could intercept, read, or modify gRPC messages between clients and the server. This could expose confidential information, allow message tampering, or open the server to various network-based attacks, potentially compromising application integrity and user data.
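The pattern this finding describes, shown as an added example (not the scanner's own rule or code from this page). The page does not name a language, so the sample assumes a Python `grpcio` server, where `add_insecure_port` opens a plaintext listener and `add_secure_port` with `grpc.ssl_server_credentials` opens a TLS one. The checker name `find_insecure_listeners` and the sample source are constructed for illustration.

```python
import ast

# Constructed sample: a grpcio server module with one plaintext and one TLS listener.
SAMPLE = '''
import grpc
from concurrent import futures

def serve_plaintext():
    server = grpc.server(futures.ThreadPoolExecutor(max_workers=4))
    server.add_insecure_port("[::]:50051")  # no TLS: messages readable in transit
    server.start()

def serve_tls(key_pem, cert_pem):
    creds = grpc.ssl_server_credentials([(key_pem, cert_pem)])
    server = grpc.server(futures.ThreadPoolExecutor(max_workers=4))
    server.add_secure_port("[::]:50051", creds)  # TLS-protected listener
    server.start()
'''


def find_insecure_listeners(source):
    """Return (line, address) for every add_insecure_port() call in the source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "add_insecure_port"):
            arg = node.args[0] if node.args else None
            # A literal bind address is reported as-is; anything computed at
            # runtime is marked so a reviewer knows to trace it by hand.
            is_literal = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
            findings.append((node.lineno, arg.value if is_literal else "<dynamic>"))
    return sorted(findings)


if __name__ == "__main__":
    for line, address in find_insecure_listeners(SAMPLE):
        print(f"line {line}: gRPC server listens without TLS on {address}")
```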