Network Communication / Unencrypted Communications
Unencrypted communications is a vulnerability in the network communication protocols used by web applications and APIs, as well as infrastructure. It occurs when data is sent over the network without encryption, leaving that data open to interception. The Common Weakness Enumeration (CWE) directory lists this vulnerability as CWE-319. The Open Web Application Security Project (OWASP) Testing Guide further identifies this vulnerability as a major risk and recommends that all communications be encrypted.
Unencrypted communications pose a major risk to data security. If the data being transferred is not encrypted, it is vulnerable to interception by malicious actors. Such interception can result in data being stolen, manipulated, or otherwise compromised.
The best way to mitigate the risks associated with unencrypted communications is to encrypt all data sent over the network. This can be done using encryption protocols such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL). These protocols use public-key cryptography to set up an encrypted channel before data is sent over the network, ensuring that only the intended recipient can decrypt and access the data.
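One way to check for this weakness and apply the mitigation on the client side, as an added example that is not part of the original page: it audits an endpoint inventory for cleartext schemes and builds a TLS client context that verifies certificates. The hosts under `example.internal`, the scheme table, the loopback exemption and the TLS 1.2 floor are assumptions of this example.

```python
import ssl
from urllib.parse import urlsplit

# Cleartext scheme -> TLS counterpart (None: no TLS variant, replace the protocol).
CLEARTEXT_SCHEMES = {
    "http": "https", "ws": "wss", "ftp": "ftps", "ldap": "ldaps",
    "amqp": "amqps", "redis": "rediss", "telnet": None,
}
ENCRYPTED_SCHEMES = {v for v in CLEARTEXT_SCHEMES.values() if v}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}  # assumed out of scope: never on the wire


def audit_endpoints(endpoints):
    """Return (name, url, advice) for each endpoint that would send data unencrypted."""
    findings = []
    for name, url in endpoints.items():
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme in ENCRYPTED_SCHEMES or parts.hostname in LOOPBACK_HOSTS:
            continue
        if scheme in CLEARTEXT_SCHEMES:
            secure = CLEARTEXT_SCHEMES[scheme]
            advice = f"use {secure}://" if secure else "replace with an encrypted protocol"
        else:
            advice = "unknown scheme, verify encryption manually"
        findings.append((name, url, advice))
    return findings


def strict_client_context():
    """Client TLS context: certificate and hostname checks on, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSLv3, TLS 1.0 and TLS 1.1
    return ctx


# Constructed sample inventory (hypothetical hosts, not from the page).
SAMPLE = {
    "orders_api": "http://api.example.internal/v1/orders",
    "event_stream": "ws://api.example.internal/events",
    "directory": "ldap://ldap.example.internal:389",
    "cache": "rediss://cache.example.internal:6380",
    "dev_proxy": "http://localhost:8080/",
}

if __name__ == "__main__":
    for name, url, advice in audit_endpoints(SAMPLE):
        print(f"[CWE-319] {name}: {url} -> {advice}")
```

The context returned by `strict_client_context()` can be passed to standard-library clients, for example as the `context` argument of `urllib.request.urlopen`.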