Reliance on HTTP instead of HTTPS

The product provides or relies on use of HTTP communications when HTTPS is available.

  • Source

    CWE Catalog - 4.17

  • Identifier

    CWE-1428

  • Status

    Incomplete

Contents

Description

Because HTTP communications are not encrypted, HTTP is subject to various attacks against confidentiality, integrity, and authenticity. However, unlike many other protocols, HTTPS is widely available as a more secure alternative, because it uses encryption.

See Also

Comprehensive Categorization: Encryption

Weaknesses in this category are related to encryption.

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Weaknesses Introduced During Design

This view (slice) lists weaknesses that can be introduced during design.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.