Redirects, but final destination is not an HTTPS URL.

OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-601 WASC-38 WSTG-CLNT-04

The HTTPS protocol is used for secure communication over a computer network, and it is widely used on the Internet for that reason. In HTTPS, the communication is encrypted using Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL). This vulnerability arises when SSL is turned off or the certificate in use is not proper. HTTPS protects applications from man-in-the-middle (MITM) attacks. HTTPS was first implemented in the payment gateway. Another difference between HTTPS and HTTP is that HTTP uses port 80, whereas HTTPS uses port 443.


Using this vulnerability, an attacker can:-

  • redirect the user to a malicious site to steal information/data.
  • show users false data which will, in turn, affect the credibility of the website.

Mitigation / Precaution

Beagle recommends the following:-

  • Turn on SSL certification
    • To obtain certification, generate a CSR (Certificate Signing Request).
    • Contact a certificate provider and request a certificate.
    • Install the certificate.
    • Enforce SSL connections.
  • Try to set a proper SSL certificate.
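
To confirm that SSL connections are enforced once the steps above are done, the redirect chain can be walked hop by hop. The following is an added example, not Beagle's code: `audit_redirects`, the `fetch` callback interface and the `.example` hosts are assumptions made for illustration, and the responses are constructed.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def audit_redirects(start_url, fetch, max_hops=10):
    """Follow Location headers from start_url and report insecure hops.

    fetch(url) -> (status_code, location_or_None) is a hypothetical
    interface, so the walk can run on recorded or live responses.
    """
    chain, findings, seen = [start_url], [], {start_url}
    url = start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            break  # reached the final destination
        nxt = urljoin(url, location)  # Location may be relative
        if urlsplit(url).scheme == "https" and urlsplit(nxt).scheme != "https":
            findings.append(f"downgrade: {url} -> {nxt}")
        chain.append(nxt)
        if nxt in seen:
            findings.append(f"redirect loop at {nxt}")
            break
        seen.add(nxt)
        url = nxt
    else:
        findings.append(f"gave up after {max_hops} hops")
    if urlsplit(chain[-1]).scheme != "https":
        findings.append(f"final destination is not HTTPS: {chain[-1]}")
    return chain, findings

# Constructed responses (not real hosts): URL -> (status, Location header)
SAMPLE = {
    "http://shop.example/": (301, "https://shop.example/"),
    "https://shop.example/": (302, "/login"),
    "https://shop.example/login": (302, "http://sso.example/auth"),
    "http://sso.example/auth": (200, None),
}

def sample_fetch(url):
    return SAMPLE.get(url, (200, None))

if __name__ == "__main__":
    chain, findings = audit_redirects("http://shop.example/", sample_fetch)
    print(" -> ".join(chain))
    for finding in findings:
        print("FINDING:", finding)
```

An empty findings list means every hop after the first HTTPS URL stayed on HTTPS and the chain ended on an HTTPS URL.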
