Detections
Analytics
Credit Card Disclosure over HTTP
medium Nessus Plugin ID 122599
Language:
Synopsis
The web application sends credit card information over HTTP.Description
The remote web application sends credit card information over HTTP, disclosing the information to potential eavesdroppers.Solution
All credit card information must be transmitted via an encrypted channel.Plugin Details
Severity: Medium
ID: 122599
File Name: credit_card_disclosure.nbin
Version: 1.60
Type: remote
Family: CGI abuses
Published: 1/9/2019
Updated: 9/3/2024
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
CVSS Score Rationale: Information disclosure score
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: manual
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Information
Required KB Items: Settings/enable_web_app_tests, Settings/ParanoidReport