CWE

J2EE Misconfiguration: Data Transmission Without Encryption

ID: 5		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Variant

Description

Information sent over a network can be compromised while in transit. An attacker may be able to read/modify the contents if the data are sent in plaintext or are weakly encrypted.

Applicable Platforms
Language: Java

Time Of Introduction

• Implementation
• Operation

Common Consequences

Scope	Technical Impact	Notes
Confidentiality Integrity	Read application data Modify application data

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
System Configuration		The application configuration should ensure that SSL or an encryption mechanism of equivalent strength and vetted reputation is used for all access-controlled pages.

Relationships

Related CWE	Type	View	Chain
CWE-5 ChildOf CWE-895	Category	CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
7 Pernicious Kingdoms		J2EE Misconfiguration: Insecure Transport

References:
None