Vulnerability
Client Side URL Redirect
HTTPS protocol is used for secure communication over a computer network. HTTPS is widely used on the Internet because due to its secure communication. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer (SSL). This vulnerability is due to SSL being turned off or the certificate used is not proper. This protocol protects applications from the man-in-the-middle attack (MITM). HTTPS was first implemented in the payment gateway. The other difference between HTTPS and HTTP is that HTTP uses port 80 whereas HTTPS uses 443.
Impact
Using this vulnerability, an attacker can:-
- redirect the user to a malicious site to steal information/data.
- show users false data which will, in turn, affect the credibility of the website.
Mitigation / Precaution
Beagle recommends the following:-
- Turn on SSL certification
- To obtain certification, generate a CSR (Certificate Signing Request).
- Contact a certificate provider and request for a certificate.
- Install the certificate.
- Enforce SSL connections.
- Try to set a proper SSL certificate.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
