rspec/rules/S5332/description.adoc

Clear-text protocols as ``++ftp++``, ``++telnet++`` or  non secure ``++http++`` are lacking encryption of transported data. They are also missing the capability to build an authenticated connection. This mean that any attacker who can sniff traffic from the network can read, modify or corrupt the transported content. These protocol are not secure as they expose applications to a large range of risk:

* Sensitive data exposure
* Traffic redirected  to a malicious endpoint
* Malware infected software update or installer
* Execution of client side code
* Corruption of critical information

Note also that using the ``++http++`` protocol is being deprecated by https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http[major web browser]. 

In the past, it has led to the following vulnerabilities:

* https://nvd.nist.gov/vuln/detail/CVE-2019-6169[CVE-2019-6169]
* https://nvd.nist.gov/vuln/detail/CVE-2019-12327[CVE-2019-12327]
* https://nvd.nist.gov/vuln/detail/CVE-2019-11065[CVE-2019-11065]
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			Clear-text protocols as ``++ftp++``, ``++telnet++`` or non secure ``++http++`` are lacking encryption of transported data. They are also missing the capability to build an authenticated connection. This mean that any attacker who can sniff traffic from the network can read, modify or corrupt the transported content. These protocol are not secure as they expose applications to a large range of risk:
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`* Sensitive data exposure`
			`* Traffic redirected to a malicious endpoint`
			`* Malware infected software update or installer`
			`* Execution of client side code`
			`* Corruption of critical information`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			Note also that using the ``++http++`` protocol is being deprecated by https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http[major web browser].
Add rules 5000-5999 2020-06-30 12:50:28 +02:00
			`In the past, it has led to the following vulnerabilities:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`* https://nvd.nist.gov/vuln/detail/CVE-2019-6169[CVE-2019-6169]`
			`* https://nvd.nist.gov/vuln/detail/CVE-2019-12327[CVE-2019-12327]`
			`* https://nvd.nist.gov/vuln/detail/CVE-2019-11065[CVE-2019-11065]`