Requests
Security
no-auth-over-http
no-auth-over-http
Authentication detected over HTTP. HTTP does not provide any encryption or protection for these authentication credentials. This may expose these credentials to unauthorized parties. Use ‘https://’ instead.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-523: Unprotected Transport of Credentials
OWASP:
- A02:2017 - Broken Authentication
- A02:2021 - Cryptographic Failures
disabled-cert-validation
disabled-cert-validation
Certificate verification has been explicitly disabled. This permits insecure connections to insecure servers. Re-enable certification validation.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-295: Improper Certificate Validation
OWASP:
- A03:2017 - Sensitive Data Exposure
- A07:2021 - Identification and Authentication Failures