Unencrypted Protocol Usage (FTP/Telnet)

Vulnerability Details

The system uses unencrypted protocols such as FTP, Telnet, or HTTP for transmitting sensitive data, including credentials, making traffic susceptible to interception.

An attacker on the network could capture credentials, sensitive files, and other data transmitted in plaintext through passive network sniffing.

Replace FTP with SFTP or SCP. Replace Telnet with SSH. Enforce HTTPS for all web communications. Disable all unencrypted protocol services and block their ports at the firewall level.

• https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_Transport_Layer_Security