CSAL#58
Security Notification # CSAL58

Advisory Title: Insecure Transition from HTTPS to HTTP
Document ID: TAS/PRD/GEN/SN-CSAL#58
Document Name: Security Notification # CSAL58
Doc. Rev.: 0

Publication Date: 15-Jan-24
Incident Source: CSAL58
CVE / Vulnerability Reference: OWASP(A3) CWE-200
Last Update: 06-Feb-24
Reported By: Valency Networks Testing Agency
Advisory ID#: Posting Not Started Yet
Current Version: WP500 FW 0.6.6
CVSS Score: 7

Vulnerability Description: An insecure transition from HTTPS to HTTP was found in a form post, which may allow information disclosure or a man-in-the-middle attack.

Impact: Insecure transitions from HTTPS to HTTP in form posts expose data to interception, increasing the risk of information disclosure and man-in-the-middle (MITM) attacks. To mitigate, ensure all form data is submitted over HTTPS and implement HSTS (HTTP Strict Transport Security) to enforce secure connections.
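
A check for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it parses an HTTPS response and reports every form target that resolves to http://, including targets changed by a base tag or a formaction attribute, plus a missing or disabled HSTS header. The host device.example, the paths and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import re

class _FormTargets(HTMLParser):
    """Collects every URL a form on the page can submit to."""

    def __init__(self):
        super().__init__()
        self.base = None      # first <base href>, which changes relative resolution
        self.targets = []     # (tag, raw attribute value)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and self.base is None and a.get("href"):
            self.base = a["href"]
        elif tag == "form":
            self.targets.append(("form", a.get("action") or ""))  # empty = page URL
        elif tag in ("button", "input") and a.get("formaction"):
            self.targets.append((tag, a["formaction"]))  # overrides the form's action


def audit_page(page_url, headers, html):
    """Findings for an HTTPS page: cleartext form targets and missing/disabled HSTS."""
    if urlsplit(page_url).scheme != "https":
        return ["page itself is not served over HTTPS"]
    parser = _FormTargets()
    parser.feed(html)
    base = urljoin(page_url, parser.base) if parser.base else page_url
    findings = []
    for tag, raw in parser.targets:
        resolved = urljoin(base, raw)   # relative and //host URLs inherit the base scheme
        if urlsplit(resolved).scheme == "http":
            findings.append(f"<{tag}> submits over cleartext HTTP: {resolved}")
    hsts = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    if m is None or int(m.group(1)) == 0:
        findings.append("HSTS missing or max-age=0")
    return findings


# Constructed sample response (not captured from the WP500 device).
SAMPLE_URL = "https://device.example/login"
SAMPLE_HTML = """<form method="post" action="http://device.example/cgi/login">
<input name="user"><input type="password" name="pw"></form>
<form method="post" action="/cgi/settings"><button formaction="//device.example/x">ok</button></form>"""

if __name__ == "__main__":
    print("\n".join(audit_page(SAMPLE_URL, {"Content-Type": "text/html"}, SAMPLE_HTML)))
```

An empty result from audit_page means every form target on the page resolves to HTTPS and the response carries an HSTS header with a non-zero max-age.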

Affected products: WP500 Firmware 0.65 Version

Temporary Fix / Mitigation: Please update to firmware version 0.6.6.

Acknowledgment: Valency Networks, Pune

History: NA

Classification of Vulnerability