Vulnerability
Client Side URL Redirect
HTTPS protocol is used for secure communication over a computer network. HTTPS is widely used on the Internet because due to its secure communication. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer (SSL). This vulnerability is due to SSL being turned off or the certificate used is not proper. This protocol protects applications from the man-in-the-middle attack (MITM). HTTPS was first implemented in the payment gateway. The other difference between HTTPS and HTTP is that HTTP uses port 80 whereas HTTPS uses 443.
Impact
Using this vulnerability, an attacker can:-
- redirect the user to a malicious site to steal information/data.
- show users false data which will, in turn, affect the credibility of the website.
Mitigation / Precaution
Beagle recommends the following:-
- Turn on SSL certification
- To obtain certification, generate a CSR (Certificate Signing Request).
- Contact a certificate provider and request for a certificate.
- Install the certificate.
- Enforce SSL connections.
- Try to set a proper SSL certificate.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.