Credit Card Disclosure over HTTP

medium Nessus Plugin ID 122599

Synopsis

The web application sends credit card information over HTTP.

Description

The remote web application sends credit card information over HTTP, disclosing the information to potential eavesdroppers.

Solution

All credit card information must be transmitted via an encrypted channel.

Plugin Details

Severity: Medium

ID: 122599

File Name: credit_card_disclosure.nbin

Version: 1.60

Type: remote

Family: CGI abuses

Published: 1/9/2019

Updated: 9/3/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Information disclosure score

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests, Settings/ParanoidReport