HTTP by Default

The website lacks a proper SSL certificate, making it vulnerable to Man-in-the-Middle attacks that can expose users' usernames and passwords. This risk is particularly high for users on public or shared networks. To mitigate this vulnerability, it is recommended to implement an SSL certificate to ensure secure HTTPS connections.

Uploaded by

piyushcyber9

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

10 views1 page

HTTP by Default

Uploaded by

piyushcyber9

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 1

Vulnerability - HTTP by default

-----------------------------------------------------------------------------------
-----------------------------------------------------------

Description -

The website is not fully protected by an SSL certificate. This could allow an
attacker in a Man-in-the-Middle position to obtain usernames and passwords of users
visiting the site.
-----------------------------------------------------------------------------------
-----------------------------------------------------------

Steps to Reproduce -

1 - Open the domain - http://abc.com

2 - Copy the URL and open a new tab
3 - Paste the URL and add a "S" in the domain and check if it redirects it to https
4 - If it does not open on https, it is vulnerable.
-----------------------------------------------------------------------------------
-----------------------------------------------------------

Impact -

If a user were to visit this page from a public or shared network (eg, office,
airport, library, etc) and login into an account, a malicious user on the same
network would be able to obtain that user's username and password by conducting a
Man-in-the-Middle attack using Wireshark.

This would allow the malicious user complete access to the user's account.
-----------------------------------------------------------------------------------
-----------------------------------------------------------

Remediation -

Add an SSL certificate so that the website becomes secure and opens on HTTPS.
-----------------------------------------------------------------------------------
-----------------------------------------------------------

HTTP & Https Both Available
No ratings yet
HTTP & Https Both Available
1 page
Vulnerabilities Notes
No ratings yet
Vulnerabilities Notes
68 pages
WebApp Report
No ratings yet
WebApp Report
9 pages
Website Vulnerability Scanner Report (Light)
No ratings yet
Website Vulnerability Scanner Report (Light)
6 pages
IntruderReport - 2024 02 15
No ratings yet
IntruderReport - 2024 02 15
9 pages
Web Application (Muthoot - Com) - Pentesting - Revalidation - Report - 26-4-2023
No ratings yet
Web Application (Muthoot - Com) - Pentesting - Revalidation - Report - 26-4-2023
148 pages
Sample Answer - CODE Hack
No ratings yet
Sample Answer - CODE Hack
1 page
Fcs Bug Submissions-2022130
No ratings yet
Fcs Bug Submissions-2022130
18 pages
Handout 08. Web Security
No ratings yet
Handout 08. Web Security
23 pages
Vapt 1
No ratings yet
Vapt 1
18 pages
24 Httpwatevers
No ratings yet
24 Httpwatevers
38 pages
Web Server Security Essentials
No ratings yet
Web Server Security Essentials
66 pages
Digi Da3
No ratings yet
Digi Da3
13 pages
CIBERSEGURIDAD
No ratings yet
CIBERSEGURIDAD
29 pages
IDOR and HTTP Security Headers
100% (2)
IDOR and HTTP Security Headers
8 pages
Vulnerability Report
No ratings yet
Vulnerability Report
6 pages
Sohail Khan PRENTATION 2
No ratings yet
Sohail Khan PRENTATION 2
10 pages
HTTPS - Wikipedia
No ratings yet
HTTPS - Wikipedia
12 pages
Vuln Impacts Mitigations
No ratings yet
Vuln Impacts Mitigations
3 pages
FALLSEM2023-24 BCI4002 ETH VL2023240103499 2023-09-20 Reference-Material-I
No ratings yet
FALLSEM2023-24 BCI4002 ETH VL2023240103499 2023-09-20 Reference-Material-I
17 pages
Unit 4 CNS
No ratings yet
Unit 4 CNS
11 pages
Zero Web App Vulnerability
No ratings yet
Zero Web App Vulnerability
11 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
4 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
6 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
5 pages
22BCY10188 - Himanshu Goyal - Technical Implementation-HTTPs
No ratings yet
22BCY10188 - Himanshu Goyal - Technical Implementation-HTTPs
24 pages
Cybersecurity Vulnerability Analysis
No ratings yet
Cybersecurity Vulnerability Analysis
18 pages
Website Vulnerability Scan Report
No ratings yet
Website Vulnerability Scan Report
4 pages
Web Application Audit Report: Demo Account
No ratings yet
Web Application Audit Report: Demo Account
12 pages
Insufficient Transport Layer Protection
100% (1)
Insufficient Transport Layer Protection
24 pages
Unit 5
No ratings yet
Unit 5
10 pages
HTML 5
No ratings yet
HTML 5
2 pages
Top 44 Web Vulnerabilities List
No ratings yet
Top 44 Web Vulnerabilities List
2 pages
Report SAR
No ratings yet
Report SAR
9 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
6 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
8 pages
Hacking With Chat GPT
No ratings yet
Hacking With Chat GPT
3 pages
Ilead Eduassist Portal Scan Detailedvulnerability Report
No ratings yet
Ilead Eduassist Portal Scan Detailedvulnerability Report
114 pages
Altoro Mutual VAPT
No ratings yet
Altoro Mutual VAPT
19 pages
Nmap Scan: Vulnerabilities Found
No ratings yet
Nmap Scan: Vulnerabilities Found
10 pages
Understanding Web Security. The Guardian's Guide For Software - by Vitor Britto - Medium
No ratings yet
Understanding Web Security. The Guardian's Guide For Software - by Vitor Britto - Medium
16 pages
Unit 4
No ratings yet
Unit 4
32 pages
Hacker 101
No ratings yet
Hacker 101
2 pages
Must Know Hacking!3
No ratings yet
Must Know Hacking!3
60 pages
WWW - Simplybasics.in Site Audit Report
No ratings yet
WWW - Simplybasics.in Site Audit Report
47 pages
Firesheep Side Jacking Attacks
No ratings yet
Firesheep Side Jacking Attacks
5 pages
Web Exploitation
No ratings yet
Web Exploitation
18 pages
OWASP3
No ratings yet
OWASP3
27 pages
Cybersecurity Scan Report: Phil Golden
No ratings yet
Cybersecurity Scan Report: Phil Golden
15 pages
Vulnerability Report
No ratings yet
Vulnerability Report
13 pages
SSL Hijacking for Security Experts
No ratings yet
SSL Hijacking for Security Experts
7 pages
Web Security Basics & Vulnerabilities
No ratings yet
Web Security Basics & Vulnerabilities
16 pages
Website Vulnerability Scanner Report (Light)
No ratings yet
Website Vulnerability Scanner Report (Light)
6 pages
(موقع الجامعة الصفحة الرئيسية (paluniv.edu.ps
No ratings yet
(موقع الجامعة الصفحة الرئيسية (paluniv.edu.ps
13 pages
Comprehensive Security Vulnerabilities List
No ratings yet
Comprehensive Security Vulnerabilities List
1 page
Vulnerability Assessment Report Template
No ratings yet
Vulnerability Assessment Report Template
14 pages
Open Redirect Bug Exploit Method
No ratings yet
Open Redirect Bug Exploit Method
3 pages
Web Vulnerabilities Guide
No ratings yet
Web Vulnerabilities Guide
35 pages

HTTP by Default

Uploaded by

HTTP by Default

Uploaded by

Vulnerability - HTTP by default

1 - Open the domain - http://abc.com

You might also like