Passwords transmitted in cleartext

Description

Some websites use the HTTP protocol (an unencrypted channel) for communication between client and server.

If the site is static, this is not a problem. But if the site is dynamic and has a login or registration feature, every username and password sent from the user to the server travels in cleartext. If someone is eavesdropping on the user's network, those credentials will be compromised.

Because of a misconfiguration at the web server, some websites that do support HTTPS still transmit usernames and passwords over HTTP only.

In such cases, attackers may get into your network and obtain your credentials. An attacker can get into your home Wi-Fi network without a password. You may also use public Wi-Fi, for example in a hotel, cafe, bus stand, railway station or airport. The attacker can then easily see everything you do on the internet if it goes over an unencrypted channel like HTTP.

An attacker can use a packet sniffing tool like Wireshark to read all unencrypted traffic on the network.

Example

Consider that you visit a site at http://example.com/login.php

It should take you to https://example.com/login.php

If it does not, whatever you send to this server can be accessed by an attacker.

Impact

  • The user's credentials may get leaked, which can lead to their account being compromised.
  • The user's PII may get leaked.

Prevention

  • Avoid using an unencrypted channel like HTTP.
  • Use Transport Layer Encryption like SSL or TLS.
  • Force the HTTPS protocol so that attackers cannot trick the user into using HTTP.
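
The checks described above can be automated when reviewing your own site. The following is an added example, not part of the original page: it audits one HTTP response for a missing HTTP-to-HTTPS redirect, a missing Strict-Transport-Security header, and a password form that submits over HTTP (the misconfiguration case from the Description). The function name, the finding labels and the sample responses are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _PasswordForms(HTMLParser):
    """Collect the action of every <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self.actions = []      # actions of forms holding a password field
        self._action = None    # action of the form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._action is not None and self._action not in self.actions:
                self.actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def audit_login_response(url, status, headers, body=""):
    """Return findings for one HTTP response (headers: dict, any key case)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if urlsplit(url).scheme == "http":
        # A plain-HTTP request must be answered with a redirect to HTTPS.
        target = urljoin(url, h.get("location", ""))
        if not (status in (301, 302, 303, 307, 308) and target.startswith("https://")):
            findings.append("no-https-redirect")
    elif "strict-transport-security" not in h:
        findings.append("missing-hsts")
    parser = _PasswordForms()
    parser.feed(body)
    for action in parser.actions:
        # An empty or relative action inherits the scheme of the page itself.
        if urlsplit(urljoin(url, action)).scheme != "https":
            findings.append("password-form-posts-over-http")
    return findings


# Constructed sample page (not captured from any real site).
MIXED = '<form action="http://example.com/login.php" method="post"><input type="password" name="p"></form>'
print(audit_login_response("http://example.com/login.php", 200, {}, MIXED))
print(audit_login_response("https://example.com/login.php", 200, {}, MIXED))
```

An empty list means none of the three problems was found in that response; feed it the status, headers and body your own HTTP client returns with redirects disabled.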