Insecure Network Communication
Cleartext Transmission
About Cleartext Transmission
What is Cleartext Transmission?
Cleartext transmission, also known as plaintext transmission, refers to the process of transmitting data over a network or communication channel without encryption or other security measures that protect the data from interception or unauthorized access.
In cleartext transmission, the data is transmitted in plain, human-readable format, which means that anyone who has access to the communication channel can read, intercept, or modify the data without any difficulty.
Cleartext transmission can occur in various communication protocols, such as HTTP, FTP, SMTP, and Telnet, and can affect various types of data, such as login credentials, credit card information, personal data, and other types of sensitive information.
Check out these videos for a high-level explanation:
Communication over cleartext protocol
Unprotected transport of sensitive information
Unprotected transport of credentials
What is the impact of Cleartext Transmission?
Cleartext transmission can lead to various security threats and risks, such as:
- Information disclosure: Cleartext transmission can expose sensitive or confidential information to unauthorized parties, such as passwords, credit card numbers, personal data, or other types of sensitive information.
- Man-in-the-middle attacks: Cleartext transmission can be intercepted by attackers who can eavesdrop on the communication channel, modify or steal the data, or impersonate the parties involved in the communication.
- Identity theft: Cleartext transmission can lead to identity theft, where attackers can use stolen personal data to assume the identity of victims and perform various malicious activities, such as financial fraud or unauthorized access to systems.
- Data tampering: Cleartext transmission can allow attackers to modify or inject false data into the communication channel, leading to data tampering, data corruption, or other types of malicious activities.
How to prevent Cleartext Transmission?
To prevent cleartext transmission, you can take the following steps:
- Use encryption: Encrypt sensitive data before transmitting it over any communication channel. Use encryption protocols such as SSL/TLS or HTTPS to ensure that data is encrypted in transit.
- Secure communication channels: Use secure communication channels such as SFTP, SSH, or VPNs to transmit sensitive data. These protocols provide encryption and authentication, which can help prevent unauthorized access and eavesdropping.
- Disable cleartext protocols: Disable cleartext protocols such as HTTP or FTP, and use only encrypted protocols such as HTTPS or SFTP to transmit sensitive data.
- Implement data validation: Implement data validation mechanisms to ensure that only valid data is transmitted. Validate user input and filter out any sensitive data before transmitting it.
References
Taxonomies
Related CVEs
Training
Fixing Secure Pages with Mixed Content
A page containing mixed content has been detected by our runtime engines.
Secure pages with mixed content are web pages that are served over a secure HTTPS connection but contain a mix of both secure (HTTPS) and non-secure (HTTP) resources. This situation can occur when a web page uses HTTPS for the main content, but some elements within the page, such as images, videos, scripts, or stylesheets, are served over an insecure HTTP connection.
Mixed content can lead to security vulnerabilities and compromise the privacy and integrity of the secure page. For example, attackers may be able to intercept or manipulate the insecure resources, which could result in data breaches or unauthorized access to sensitive information.
Modern web browsers generally display a warning when encountering mixed content and may block insecure resources by default to protect users. To ensure the best security, it's important for web applications to serve all resources over HTTPS and avoid mixed content.