|
The finding impacts on the Web UI
Confidential data (such as electronic statements) is delivered to the user via an insecure channel such as email. This exposes potentially sensitive data in plaintext over local and intermediary networks. This traffic can be viewed and intercepted by malicious third parties
|
Affected Hosts/URLs:
citi.ariscloud.com:443
|
Example -
|
The permanent password displayed in clear text in the email sent to the user
|
|
