Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V9 - Communications

Weak TLS configuration - Sensitive Information Sent via Unencrypted Channels

POC

  • Observe via an HTTP proxy (Burp) that some of the requests are sent over plain HTTP (e.g., Basic Authentication over HTTP).
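
A defender-side version of the same observation, as an added example that is not part of the original wiki entry: it scans proxy-captured requests and flags those that carry credentials or session material over plain HTTP. The request dictionary layout, the header and parameter name lists, and the sample hosts are assumptions constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, parse_qsl

# Assumed lists of names that indicate sensitive material; extend per application.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie"}
SENSITIVE_PARAMS = {"password", "passwd", "token", "session", "api_key"}

def cleartext_findings(requests):
    """Return (url, reason) for each request sending sensitive data over http://."""
    findings = []
    for req in requests:
        parts = urlsplit(req["url"])
        if parts.scheme.lower() != "http":
            continue  # only plain HTTP travels unencrypted
        headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
        for name in sorted(SENSITIVE_HEADERS & set(headers)):
            reason = f"{name} header"
            value = headers[name]
            if name == "authorization" and value.lower().startswith("basic "):
                # Basic auth is only base64-encoded; report the user, never the password.
                try:
                    decoded = base64.b64decode(value[6:]).decode("utf-8", "replace")
                    user = decoded.split(":", 1)[0]
                except ValueError:
                    user = "?"
                reason = f"Basic credentials for user '{user}'"
            findings.append((req["url"], reason))
        # Check both the query string and a form-encoded body for sensitive fields.
        params = parse_qsl(parts.query) + parse_qsl(req.get("body", ""))
        for key, _ in params:
            if key.lower() in SENSITIVE_PARAMS:
                findings.append((req["url"], f"parameter '{key}'"))
    return findings

# Constructed sample of proxy-captured requests (not taken from the original page).
CAPTURED = [
    {"url": "http://app.example.test/api/profile",
     "headers": {"Authorization": "Basic " + base64.b64encode(b"alice:s3cret").decode()}},
    {"url": "https://app.example.test/login", "headers": {},
     "body": "user=alice&password=x"},
    {"url": "http://app.example.test/reset?token=abc123", "headers": {"Accept": "*/*"}},
    {"url": "http://app.example.test/static/logo.png", "headers": {}},
]

if __name__ == "__main__":
    for url, reason in cleartext_findings(CAPTURED):
        print(f"CLEARTEXT {url}: {reason}")
```
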

Impact

Low-Medium

Likelihood

Low-Medium