Web Site Accepts Credit Card Data over cleartext HTTP

medium Nessus Plugin ID 159550

Synopsis

Identifies web forms that accept credit card data and are not secured by SSL/TLS.

Description

The remote web server contains at least one HTML form field that has an input of type 'cc-number' or similar.

While this does not represent a risk to this web server per se, it does mean that the website may be accepting payment information.

Solution

Use TLS for this web server.
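
A check along the lines of the one described above, written as an added example (not the plugin's own code). It assumes the detection keys on the HTML autocomplete card tokens such as 'cc-number', as the plugin file name suggests, and it goes slightly beyond the description by also flagging a form on an HTTPS page that submits to an http:// action. The host name shop.example and the sample markup are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Payment-card autofill tokens from the HTML standard's autocomplete attribute.
CC_TOKENS = {"cc-name", "cc-given-name", "cc-additional-name", "cc-family-name",
             "cc-number", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-csc", "cc-type"}

class CardFormFinder(HTMLParser):
    """Collect each form's resolved submit URL and the card tokens inside it."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._open = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page URL.
            self._open = {"action": urljoin(self.page_url, a.get("action") or ""), "fields": []}
            self.forms.append(self._open)
        elif tag in ("input", "select", "textarea"):
            hits = CC_TOKENS & set((a.get("autocomplete") or "").lower().split())
            if hits and self._open is None:  # card field outside any <form>
                self._open = {"action": self.page_url, "fields": []}
                self.forms.append(self._open)
            if hits:
                self._open["fields"] += sorted(hits)

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def find_cleartext_card_forms(page_url, html):
    """Return one finding per card form that is served or submitted over HTTP."""
    finder = CardFormFinder(page_url)
    finder.feed(html)
    findings = []
    for form in (f for f in finder.forms if f["fields"]):
        reasons = []
        if urlsplit(page_url).scheme == "http":
            reasons.append("page served over http")
        if urlsplit(form["action"]).scheme == "http":
            reasons.append("form submits to http")
        if reasons:
            findings.append({**form, "reasons": reasons})
    return findings

# Constructed sample page (not captured from a real site).
SAMPLE = """<form action="/search"><input name="q"></form>
<form method="post" action="/pay">
  <input name="pan" autocomplete="cc-number">
  <input name="exp" autocomplete="billing cc-exp">
</form>"""
```

Running find_cleartext_card_forms against the same markup fetched over https:// returns no findings, which makes it usable as a regression check after TLS is enabled.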

See Also

http://www.nessus.org/u?75653fc3

Plugin Details

Severity: Medium

ID: 159550

File Name: www_autocomplete_credit_card_over_http.nasl

Version: 1.1

Type: remote

Family: Web Servers

Published: 4/6/2022

Updated: 4/6/2022

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score from an in-depth analysis done by Tenable

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 4.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N