J2EE Misconfiguration: Data Transmission Without Encryption
CWE-5
Short description
Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted.
Best practices to prevent this CWE
Phase: System Configuration
The product configuration should ensure that SSL or an encryption mechanism of equivalent strength and vetted reputation is used for all access-controlled pages.