SSL/TLS Not Implemented

Severity: Medium
Summary#

Invicti detected that SSL/TLS is not implemented after trying to establish a secure connection to the target website.

Impact#

An attacker who is able to intercept your - or your users' - network traffic can read and modify any messages that are exchanged with your server.

That means that an attacker can see passwords in clear text, modify the appearance of your website, redirect the user to other web pages or steal session information.

Therefore no message you send to the server remains confidential.

Remediation#

We suggest that you implement SSL/TLS properly, for example by using the Certbot tool provided by the Let's Encrypt certificate authority. It can automatically configure most modern web servers, e.g. Apache and Nginx to use SSL/TLS. Both the tool and the certificates are free and are usually installed within minutes.

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works