logo

443 – HTTPS (Secure Web Traffic)

Service:

https

Protocol:

TCP

Port:

443

Used for:

Secure web communication over HTTPS, encrypting data exchanged between a web browser and server using SSL/TLS.

Why It’s Open

Port 443 is one of the most commonly open ports on the internet. It’s used to serve HTTPS, the encrypted version of HTTP, which secures data in transit between clients and servers using SSL/TLS. It’s essential for secure web browsing, APIs, login pages, and any service that handles sensitive data over the web.

Common Risks

Despite being a necessary and widely used service, exposing port 443 can introduce several risks if misconfigured:

  • Insecure SSL/TLS Configuration: Using outdated or weak cryptographic protocols (e.g., TLS 1.0) can leave encrypted traffic vulnerable to attacks.
  • Information Disclosure: SSL certificates, server headers, and debug responses can leak details about server software, versions, and configurations.
  • Application Layer Vulnerabilities: Web apps behind port 443 may contain flaws like SQL injection, XSS, CSRF, authentication bypasses, etc.
  • Man-in-the-Middle Attacks: Improper certificate validation or missing HSTS can enable traffic interception or downgrades to HTTP.

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

logo-cta

Enumeration & Testing

Check if it’s open

Terminal window
nmap -sT -p 443

Detect service version and SSL info

Terminal window
nmap -sV --script ssl-cert,ssl-enum-ciphers -p 443

Scan for web vulnerabilities, use tools like:

What to Look For

CheckpointWhat it means
Weak SSL/TLS protocolsVulnerable to downgrade attacks, BEAST, POODLE, etc.
Self-signed or expired certsMay trigger browser warnings or allow MitM attacks
Missing security headersApplication lacks X-Frame-Options, CSP, HSTS, etc.
Default web app or dashboardMay expose administrative interfaces

Mitigation

  • Enforce Strong SSL/TLS
  • Disable old protocols (SSL, TLS 1.0/1.1), and enforce TLS 1.2 or 1.3 only.
  • Use Valid Certificates
  • Harden Web Applications
  • Enable HSTS
  • Keep Software Up-to-Date

Known CVEs and Exploits

  • CVE-2023-27997 – Fortinet FortiGate SSL-VPN RCE (heap-based buffer overflow).
  • CVE-2021-26855 – Microsoft Exchange SSRF in HTTPS requests (ProxyLogon).
  • CVE-2020-3452 – Cisco ASA and FTD WebVPN Path Traversal on port 443.
  • CVE-2014-0160 (Heartbleed) – OpenSSL heartbeat buffer over-read (one of the most famous HTTPS-related vulns).