CWE-1428Reliance on HTTP instead of HTTPS

PUBLISHEDweakness record
released 2025-04-03 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1428
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2025-04-03
更新日期:
2025-12-11

名称

Reliance on HTTP instead of HTTPS

描述

The product provides or relies on use of HTTP communications when HTTPS is available.

Because HTTP communications are not encrypted, HTTP is subject to various attacks against confidentiality, integrity, and authenticity. However, unlike many other protocols, HTTPS is widely available as a more secure alternative, because it uses encryption.

常见后果

范围:
Confidentiality, Integrity
影响:
Read Application Data, Modify Application Data
注释:
HTTP can be subjected to attacks against confidentiality (by reading cleartext packets); integrity (by modifying sessions); and authenticity (by compromising servers and/or clients using cache poisoning, phishing, or other attacks that enable attackers to spoof a legitimate entity in the communication channel).

相关 CWE