CWE-1428: Reliance on HTTP instead of HTTPS

BaseIncomplete

The product provides or relies on use of HTTP communications when HTTPS is available.

View on MITRE
Back to CWE Lookup

Extended Description

Because HTTP communications are not encrypted, HTTP is subject to various attacks against confidentiality, integrity, and authenticity. However, unlike many other protocols, HTTPS is widely available as a more secure alternative, because it uses encryption.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms
Not OS-Specific

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-1428

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references