HTTP to HTTPS Insecure Transition in Form Post
- Risk:
Medium
- Type:
- Passive
- CWE:
- 319
- Summary
- This check looks for insecure HTTP pages that host HTTPS forms. The issue is that an insecure HTTP page can easily be hijacked through MITM and the secure HTTPS form can be replaced or spoofed.
- Solution
- Use HTTPS for landing pages that host secure forms.
- Other info
- The response to the following request over HTTP included an HTTPS form tag action attribute value: http://example.com The context was: <form name="someform" action="https://example.com/processform">