CWE-1428: Reliance on HTTP instead of HTTPS

The product provides or relies on use of HTTP communications when HTTPS is available.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

Because HTTP communications are not encrypted, HTTP is subject to various attacks against confidentiality, integrity, and authenticity. However, unlike many other protocols, HTTPS is widely available as a more secure alternative, because it uses encryption.

CWE-1428: Reliance on HTTP instead of HTTPS

Overview

Common consequences

How it happens

When it is introduced

How to prevent it

Frequently asked questions

What is CWE-1428?

How do you prevent CWE-1428?

What are the consequences of CWE-1428?

References

Stay ahead of CWE-1428

Overview

Common consequences

How it happens

When it is introduced

How to prevent it

Related weaknesses

Parent

Frequently asked questions

What is CWE-1428?

How do you prevent CWE-1428?

What are the consequences of CWE-1428?

References

Stay ahead of CWE-1428