Insecure Transport

Revision as of 12:39, 29 June 2006 by Weilin Zhong


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


The configuration of the application fails to enforce the use of SSL on pages that contain sensitive data.


  • Login pages are not SSL protected
  • A publicly accessible page links to a protected page with a relative link, so the request stays on HTTP instead of switching to SSL.
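
Both cases in the list above can be checked mechanically, because a relative link or form target inherits the scheme of the page that contains it. The following Python check is an added example, not part of the original article; the host `www.example.test`, the protected path prefixes and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hypothetical path prefixes that the application treats as sensitive.
PROTECTED_PREFIXES = ("/login", "/account")


class _TargetCollector(HTMLParser):
    """Collects link and form targets, and notes password fields."""
    def __init__(self):
        super().__init__()
        self.targets = []  # (tag, raw attribute value)
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.targets.append((tag, attrs["href"]))
        elif tag == "form":
            # A form without an action submits to the page's own URL.
            self.targets.append((tag, attrs.get("action") or ""))
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password_field = True


def audit_page(page_url, html, protected=PROTECTED_PREFIXES):
    """Return findings for targets that reach protected paths over plain HTTP."""
    collector = _TargetCollector()
    collector.feed(html)
    findings = []
    if collector.has_password_field and urlsplit(page_url).scheme != "https":
        findings.append(("page", page_url, "password form served without SSL"))
    for tag, raw in collector.targets:
        # Relative targets inherit the scheme of the page that contains them.
        resolved = urlsplit(urljoin(page_url, raw))
        if resolved.scheme == "http" and resolved.path.startswith(tuple(protected)):
            findings.append((tag, resolved.geturl(), "protected target over HTTP"))
    return findings


# Constructed sample page; the host is a placeholder.
SAMPLE_HTML = """
<a href="/about">About</a>
<a href="/account/settings">Settings</a>
<a href="https://www.example.test/login">Sign in</a>
<form action="login/submit"><input type="password" name="pw"></form>
"""

if __name__ == "__main__":
    print(*audit_page("http://www.example.test/", SAMPLE_HTML), sep="\n")
```

The same markup served from `https://www.example.test/` produces no findings, since only the scheme of the containing page differs.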

Related Threats

  • Attackers who are trying to steal login credentials, session IDs or other sensitive information

Related Attacks

  • Bypassing SSL by entering HTTP instead of HTTPS
  • Sending the victim insecure URLs of protected pages (e.g. the login page) to trick the victim into accessing the privileged pages via HTTP

Related Vulnerabilities

Related Countermeasures

