J2EE Misconfiguration: Data Transmission Without Encryption

Draft Variant

Structure: Simple

Description

Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted.

Common Consequences 2

Scope: Confidentiality

Impact: Read Application Data

Scope: Integrity

Impact: Modify Application Data

Potential Mitigations 1

Phase: System Configuration

The product configuration should ensure that SSL or an encryption mechanism of equivalent strength and vetted reputation is used for all access-controlled pages.

References 1

Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors

Katrina Tsipenyuk, Brian Chess, and Gary McGraw

NIST Workshop on Software Security Assurance Tools Techniques and Metrics • NIST

07-11-2005

https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf

ID: REF-6

Applicable Platforms

Languages:

Java : Undetermined

Modes of Introduction

Implementation

Operation

Related Weaknesses

ChildOf:

Cleartext Transmission of Sensitive Information (CWE-319)

Taxonomy Mapping

7 Pernicious Kingdoms

Notes

Other If an application uses SSL to guarantee confidential communication with client browsers, the application configuration should make it impossible to view any access controlled page without SSL. There are three common ways for SSL to be bypassed: - A user manually enters URL and types "HTTP" rather than "HTTPS". - Attackers intentionally send a user to an insecure URL. - A programmer erroneously creates a relative link to a page in the application, which does not switch from HTTP to HTTPS. (This is particularly easy to do when the link moves between public and secured areas on a web site.)