Mixed Resource Detection

Medium Web Application Scanning Plugin ID 98091

Synopsis

Mixed Resource Detection

Description

Scanner discovered that the affected site is utilising both HTTP and HTTPS. While the HTML code is served over HTTPS, the server is also serving resources over an unencrypted channel, which can lead to the compromise of data, while providing a false sense of security to the user.

Solution

All pages and/or resources on the affected site should be secured equally, utilising the latest and most secure encryption protocols. These include SSL version 3.0 and TLS version 1.2.
While TLS 1.2 is the latest and the most preferred protocol, not all browsers will support this encryption method. Therefore, the more common SSL is included. Older protocols such as SSL version 2, and weak ciphers (< 128 bit) should also be disabled.

See Also

https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content

Plugin Details

Severity: Medium

ID: 98091

Type: remote

Published: 2017/03/31

Modified: 2017/10/17

Risk Information

Risk Factor: Medium