Security mode none
Plugin details
| Severity | Medium |
|---|---|
| ID | 10006 |
| Category | Transport security |
| CVSS score | 6.5 |
| CVSS link | https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Synopsis
Server traffic can be intercepted and modified on the fly.
Description
The server supports message security mode ‘None’, which does not provide any protection. Anyone can intercept and modify the traffic, and read any secrets within it.
Solution
Configure server with either message security mode ‘Sign’ or ‘SignAndEncrypt’.