Data protection

Unencrypted web endpoint exposing password input field

Risk Level

Hazardous (3)

Platform(s)
  • N/A

Compliance Frameworks

Description

The web page contains a form with a password input field while being served over an unencrypted connection. Because the password is sent in plaintext over the unencrypted connection, there is a risk that an attacker could intercept it. This could lead to unauthorized access to the user's account or to other security issues.

Recommended Mitigation

It is recommended to always use an up-to-date encryption protocol with a valid certificate on every web server.
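
An added example, not the scanner's own detection logic: a Python check that flags the condition in the Description from a fetched page's URL and HTML. It also flags a form on an HTTPS page whose action posts to http://, which goes beyond the case in the text; the function and class names and the example.test host are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PasswordFormParser(HTMLParser):
    """Records the form action in effect for every <input type="password">."""

    def __init__(self):
        super().__init__()
        self.in_form = False
        self.action = ""
        self.password_actions = []  # one entry per password field found

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.in_form, self.action = True, attrs.get("action") or ""
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            # A password field outside any <form> is checked against the page URL.
            self.password_actions.append(self.action if self.in_form else "")

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def find_plaintext_password_forms(page_url, html):
    """Return de-duplicated (reason, url) findings for one fetched page."""
    parser = PasswordFormParser()
    parser.feed(html)
    page_is_plain = urlsplit(page_url).scheme.lower() == "http"
    findings = []
    for action in parser.password_actions:
        target = urljoin(page_url, action)  # an empty action resolves to the page itself
        if page_is_plain:
            finding = ("password field served over http", page_url)
        elif urlsplit(target).scheme.lower() == "http":
            finding = ("password form submits to http", target)
        else:
            continue
        if finding not in findings:
            findings.append(finding)
    return findings


# Constructed sample pages for a hypothetical host (example.test).
SAMPLE_HTTP = '<form action="/login" method="post"><input type="password" name="pw"></form>'
SAMPLE_MIXED = '<form action="http://example.test/login"><input type="PASSWORD" name="pw"/></form>'
```

An empty result for a page means every password field on it is both served and submitted over HTTPS; it does not validate the certificate or the protocol version.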