Read Time:26 Second

Description

Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-319

 

Consequences

Confidentiality: Read Application Data

Integrity: Modify Application Data

 

Potential Mitigations

Phase: System Configuration

Description: 

The application configuration should ensure that SSL or an encryption mechanism of equivalent strength and vetted reputation is used for all access-controlled pages.

CVE References