Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Feb 20, 2023 3:50:41 AM
Aug 11, 2020 5:10:46 PM
A penetration test shows traffic traces between a client device and a server that reveals the user's credentials. This might be flagged as a potential risk for man-in-the-middle (MITM) attacks in a security report.
Below images show an example of a login request through Qlik Sense form login, where the HTTP request body contains the user's credentials in plain text.
Diagnosis
In this scenario, the end-user typically enters credentials into a form on a login page. The login form usually hides the password from plain sight by masking it on the screen, but the entries are still plain text.
The communication between the client browser and server should be secured and encrypted with HTTPS so that the plain text credentials and any other content are encrypted at all times during transport between the client device and server.
An attacker does not have the required certificates, and can therefore not decrypt intercepted HTTPS traffic and the server reveal the content.
This test result is a false-positive since the penetration tool, in this case, acts as the connecting and trusted client, and thereby decrypts the traffic and consequently can also display and analyze the traffic content.
Qlik Sense on Windows defaults to HTTPS. All communication is under TLS. When a user is attempted to log in, the web browser establishes a TLS connection with the server and is able to view requests in plain text (in the browser). This does not mean the request has gone out into the world without encryption. From the provided screenshots, the target URL is omitted. I'm unable to verify if the scheme in the browser is HTTP or HTTPS (as seen in the below screenshot)
A change to your environment would require you to communicate with your support in order to reset the proxy to the default configuration.
