The installed Joomla! web application does not run over TLS, leaving usernames and passwords transmitted in cleartext over HTTP.
Description
Joomla! is an open source content management system written in PHP. When authentication and other sensitive data are not encrypted during transmission between client and server, an attacker who can sniff network traffic may use this flaw to gain unauthorized access to the administrator's web interface of this server.
Solution
Require the Joomla! web server to encrypt traffic associated with authentication or any sensitive data.
