Sensitive data not encrypted

Published on 2007-03-23. Updated on 2009-01-28.

Description:
Sensitive data, such as credit card numbers and social security numbers, is sent without using an encrypted connection. Information sent in clear text is not encrypted and can therefore be intercepted.

Impact:
Possible sensitive information disclosure.

Recommendation:
Encrypting the transmission of data makes it difficult to intercept sensitive information as it travels between two parties. It is recommended to use an encrypted connection such as Secure Sockets Layer (SSL). In addition, all data sent over an encrypted SSL connection is protected with a mechanism for detecting tampering.

Tags: Scripts

Alert Tags: information_disclosure,sensitive_data_not_over_ssl
ApplicableApplicationServer: All
ApplicableOS: All
ApplicableWebServer: All
