
Traffic over a cleartext protocol exposing content and credentials

ID: cleartext_protocol
Data type: IP
Severity: Medium
MITRE ATT&CK: TA0006:T1040

Description

AlphaSOC detected network traffic on ports commonly used by cleartext protocols, which expose content and possibly credentials. Cleartext protocols transmit data without encryption, making it vulnerable to interception and eavesdropping. This can lead to unauthorized access to sensitive information, including login credentials, personal data, and confidential communications.

Impact

The use of cleartext protocols can have significant consequences for an organization's security posture. Threat actors can easily intercept and read sensitive data, potentially leading to data breaches, unauthorized access to systems, and compromise of user accounts. This vulnerability provides adversaries with valuable information for further exploitation.

Severity

Severity   Condition
Medium     Traffic over FTP, Telnet, POP3, IMAP, or Rsync ports

Investigation and Remediation

Investigate the source and destination of the cleartext traffic to identify the systems and applications involved. Determine whether the activity is legitimate. If it is not, immediately disable or reconfigure the affected services to use encrypted alternatives. Update or replace legacy systems that rely on cleartext protocols. Implement network segmentation to isolate systems that cannot be immediately upgraded.
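As an added illustration of the detection condition above (traffic to FTP, Telnet, POP3, IMAP, or Rsync ports) and of the first investigation step (identify source and destination), the following Python is example code, not AlphaSOC's own detection logic. It assumes a simplified flow-record format of `src dst proto dport` (constructed for this example), uses the IANA-registered default ports for the five protocols (21, 23, 110, 143, 873, which are not listed on the page), and pairs each finding with the encrypted replacement a remediation ticket would name. Real flow sources (NetFlow, Zeek conn logs) carry more fields, but the matching rule is the same.

```python
"""Flag flows to well-known cleartext-protocol ports and group them for triage.

Added example; not AlphaSOC's code. The flow-record format and the sample
records are constructed for this example; the port numbers are the IANA
defaults for each protocol.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Destination port -> (protocol name as used on the page, encrypted replacement)
CLEARTEXT_PORTS = {
    21: ("FTP", "SFTP (SSH) or FTPS"),
    23: ("Telnet", "SSH"),
    110: ("POP3", "POP3S on 995 or IMAPS on 993"),
    143: ("IMAP", "IMAPS on 993"),
    873: ("Rsync", "rsync over SSH"),
}


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    port: int
    protocol: str
    replacement: str
    severity: str = "Medium"          # matches the page's severity table
    technique: str = "TA0006:T1040"   # MITRE ATT&CK mapping from the page


def parse_flow(line: str) -> Optional[Tuple[str, str, str, int]]:
    """Parse a constructed 'src dst proto dport' record; None for malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    src, dst, proto, dport = parts
    try:
        return src, dst, proto.lower(), int(dport)
    except ValueError:
        return None


def detect_cleartext(flows: List[str]) -> List[Finding]:
    """Return one Finding per TCP flow whose destination port is a cleartext default."""
    findings: List[Finding] = []
    for line in flows:
        parsed = parse_flow(line)
        if parsed is None:
            continue                      # skip malformed records rather than crash
        src, dst, proto, dport = parsed
        if proto != "tcp":
            continue                      # all five protocols run over TCP
        if dport in CLEARTEXT_PORTS:
            name, replacement = CLEARTEXT_PORTS[dport]
            findings.append(Finding(src, dst, dport, name, replacement))
    return findings


def summarize(findings: List[Finding]) -> Dict[Tuple[str, str], List[str]]:
    """Group protocols by (source, destination) pair so each system pair is triaged once."""
    grouped: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for f in findings:
        grouped[(f.src, f.dst)].append(f.protocol)
    return dict(grouped)


# Constructed sample flows using documentation/private address ranges.
SAMPLE_FLOWS = [
    "10.0.1.15 203.0.113.40 tcp 21",    # FTP: flagged
    "10.0.1.15 203.0.113.40 tcp 443",   # HTTPS: not flagged
    "10.0.2.9 192.0.2.77 tcp 23",       # Telnet: flagged
    "10.0.3.3 198.51.100.5 udp 873",    # UDP 873 is not rsync: not flagged
    "10.0.3.3 198.51.100.5 tcp 873",    # Rsync: flagged
    "garbage line",                     # malformed: skipped
    "10.0.4.8 192.0.2.10 tcp 993",      # IMAPS is already encrypted: not flagged
]


if __name__ == "__main__":
    results = detect_cleartext(SAMPLE_FLOWS)
    for (src, dst), protocols in summarize(results).items():
        print(f"{src} -> {dst}: {', '.join(protocols)}")
    for f in results:
        print(f"  {f.protocol} on tcp/{f.port}: migrate to {f.replacement}")
```

The grouping step matters for remediation: a single host talking FTP and Telnet to the same server is one legacy integration to fix, not two separate incidents, and the replacement column gives the investigator the encrypted alternative to propose when the traffic turns out to be legitimate but unprotected.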