Sensitive data is transmitted over unencrypted channels, allowing attackers to intercept and read confidential information through network sniffing.
Attackers on the same network could capture sensitive data including credentials, personal information, session tokens, and financial data.
Enforce TLS 1.2+ for all communications. Implement HSTS headers. Disable support for legacy protocols. Use secure cookie flags. Consider implementing certificate pinning for mobile applications.
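One way to verify the TLS, HSTS and cookie parts of this remediation, as an added example that is not part of the original finding: a client context that refuses anything below TLS 1.2, and an audit of response headers for HSTS and the Secure cookie flag. The function names, the one-year `max-age` threshold and the sample headers are assumptions made for illustration.

```python
import ssl

def hardened_client_context():
    """TLS client context that refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()   # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_response_headers(headers, min_hsts_age=31536000):
    """Return findings for a list of (name, value) pairs from an HTTPS response.

    min_hsts_age (one year, in seconds) is an assumed policy threshold.
    """
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("missing Strict-Transport-Security header")
    else:
        max_age = None
        for directive in hsts[0].split(";"):
            name, _, value = directive.strip().partition("=")
            if name.lower() == "max-age":
                value = value.strip('"')
                max_age = int(value) if value.isdigit() else None
        if max_age is None:
            findings.append("HSTS header has no valid max-age")
        elif max_age < min_hsts_age:
            findings.append(f"HSTS max-age {max_age} is below {min_hsts_age}")
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        cookie_name = v.split("=", 1)[0].strip()
        # Attribute names after the first ';' (Path, HttpOnly, Secure, ...)
        attrs = {a.strip().split("=", 1)[0].lower() for a in v.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks the Secure flag")
    return findings

# Constructed sample responses (not captured from a real site).
WEAK = [("Strict-Transport-Security", "max-age=300"),
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly")]
FIXED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
         ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure")]

if __name__ == "__main__":
    print(audit_response_headers(WEAK))
    print(audit_response_headers(FIXED))
```
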