Default port and HTTP without TLS need to be removed #1

Open
wants to merge 8 commits into
base: master

Commits on Jul 4, 2020

  1. Default port and HTTP without TLS need to be removed

    Why
    Default ports are susceptible to vulnerabilities
    
    Description
    Most cyber attacks occur due to default port usage.
    
    Ref: https://www.bleepingcomputer.com/news/security/most-cyber-attacks-focus-on-just-three-tcp-ports/#:~:text=According%20to%20the%20report%2C%20the,(Hypertext%20Transfer%20Protocol%20Secure)
    
    Use of HTTP without TLS/SSL is a security weakness: CWE-319: Cleartext Transmission of Sensitive Information
    akondasif authored Jul 4, 2020
    b4e2aec
  2. Default port of Kafka

    akondasif authored Jul 4, 2020
    12492b2
  3. a93bd04
  4. Default port usage

    akondasif authored Jul 4, 2020
    20ae41b
  5. Default port usage

    akondasif authored Jul 4, 2020
    2e963cb

Commits on Jul 8, 2020

  1. HTTP with TLS

    Some of the endpoints are still using HTTP that is insecure ... replaced with secure HTTP (HTTP with SSL/TLS) that exists
    
    Details:
    
    I found instances where the HTTP protocol is used instead of HTTPS (HTTP with TLS). According to the Common Weakness Enumeration organization this is a security weakness (https://cwe.mitre.org/data/definitions/319.html).
    akondasif authored Jul 8, 2020
    54ab592
  2. Update to fix HTTP endpoints

    Some of the endpoints are still using HTTP that is insecure ... replaced with secure HTTP (HTTP with SSL/TLS) that exists
    
    Details:
    
    I found instances where the HTTP protocol is used instead of HTTPS (HTTP with TLS). According to the Common Weakness Enumeration organization this is a security weakness (https://cwe.mitre.org/data/definitions/319.html).
    akondasif authored Jul 8, 2020
    553e398

Commits on Jul 10, 2020

  1. Update to fix HTTP endpoints

    Some of the endpoints are still using HTTP that is insecure ... replaced with secure HTTP (HTTP with SSL/TLS) that exists. These fixes are similar to MossabTN#1
    
    Details:
    
    I found instances where the HTTP protocol is used instead of HTTPS (HTTP with TLS). According to the Common Weakness Enumeration organization this is a security weakness (https://cwe.mitre.org/data/definitions/319.html).
    akondasif authored Jul 10, 2020
    9577716