Insecure Transition From Https To Http

  1. Home
  2. VULNERABILITIES

Title:

Found insecure transition from HTTPS to HTTP in form HTTP POST, Possible information disclosure.

Vulnerability:

What does communication over HTTP & HTTPS mean?
HTTP stands for Hyper Text Transfer Protocol
HTTPS stands for Hyper Text Transfer Protocol Secure
The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted.
Utilizing HTTPS, the PCs agree to a "code" among-st them, and afterward they scramble the messages utilizing that "code" with the goal that nobody in the middle of can read them. This guards your data from attackers.
They utilize the "code" on a Secure Sockets Layer (SSL), in some cases called Transport Layer Security (TLS) to send the data forward and backward.

Hence, at times certain application implement HTTPS secured protection communication only for login page to ensure user credentials are POSTed over an encrypted channel. And certain critical POST requests within application are communicated over HTTP which enables an attacker to capture sensitive data of application by Man-in-the-middle attack. Ex: Customer information, like credit card numbers, etc.

Verification of vulnerability:

  • Load the URL into the browser
  • Select login page or money transfer page for transaction (if any)
  • Notice in the URL bar if the login.com or moneytransfer.com page have https://login.com and https://moneytransfer.com
  • If not you could easily capture the sensitive data over the wire
  • If yes also check the URL bar after login for pages which does not HTTPS configured (many times HTPPS is not configured for all pages/URI?s of application.)

Solution:

Configure HTTPS for all HTTP POST request within the web application to ensure communication of data over encrypted channel for security.
Simple solution while configuring web server or website pages ensure to include all the URI?s or pages of website under HTTPS communication channel, follow this as a best practice for any type of server.

Content Sniffing Header Vulnerability, Admin Interface Externally Open

Content Sniffing Not Disabled

OWASP Top 10 Security Testing, Content Sniffing Not Disabled

Session Cookie Found Without Secure Flag Set.

Session Cookie Found Without Secure Flag Set, Web App Security Testing Services Company

How To Enable Content Sniffing?

How To Enable Content Sniffing?, Content Sniffing Header Vulnerability

Clickjacking: X-Frame-Options Header Missing

OWASP Top 10 Security Testing , Clickjacking: X-Frame-Options Header Missing

Error Page Discloses Web Server Version

Web App Security Testing Services Company, Clickjacking: X-Frame-Options Header Missing

Error Page Discloses Web Server Version

Error Page Discloses Web Server Version, Content Sniffing Header Vulnerability

How To Disable Web Dav Extensions?

Error Page Discloses Web Server Version, OWASP Top 10 Security Testing

How To Configure Access-Control-Allow-Origin Header?

Web App Security Testing Services Company, How To Disable Web Dav Extensions?

How To Disable Custom Errors At Webroot?