Property
Language: terraform
Severity: critical
Service: elb
Provider: AWS
Vulnerability Type: omission

Description

The configuration allows traffic to the AWS Application Load Balancer over plain HTTP instead of HTTPS, sending data unencrypted over the network. This exposes sensitive information to anyone who can intercept the traffic.

Impact

An attacker intercepting HTTP traffic can view or manipulate sensitive data, such as user credentials or session tokens, leading to data breaches, credential theft, or unauthorized access to applications or services.

Resolution

Switch to HTTPS to benefit from TLS security features.
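
The resolution above expressed as Terraform, as an added example that is not configuration from the original page: the plain-HTTP listener, then an HTTPS listener that replaces it, with port 80 kept only to redirect. The names `aws_lb.app`, `aws_lb_target_group.app` and `var.certificate_arn` are assumptions standing in for resources defined elsewhere in the module.

```terraform
# Assumed to exist elsewhere in the module (hypothetical names):
#   aws_lb.app, aws_lb_target_group.app, var.certificate_arn

# Before: the listener accepts plain HTTP and forwards it to the targets,
# so requests and responses cross the network unencrypted.
resource "aws_lb_listener" "http_insecure" {
  load_balancer_arn = aws_lb.app.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

# After: remove the listener above and terminate TLS on the load balancer.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.app.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

# After: port 80 serves no application content; it only redirects clients
# to the HTTPS listener.
resource "aws_lb_listener" "http_redirect" {
  load_balancer_arn = aws_lb.app.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
```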