Data sent over a non-HTTPS connection is unencrypted and vulnerable to network sniffing attacks that can expose sensitive or confidential information. This includes non-secure cookies and other potentially sensitive data contained in HTTP headers. Even if no sensitive data is transmitted, man-in-the-middle (MITM) attacks are possible over non-HTTPS connections. An attacker who exploits MITM can intercept and change the conversation between the client (like web browsers and mobile devices) and the server.
Disabling HTTP and enabling HTTPS only in your IIS settings can avoid security vulnerabilities. Flexera cannot directly modify your existing IIS host settings since you may have other applications deployed on the same IIS. Below are instructions to update your settings to disable HTTP and fix the insecure vulnerability.
IMPORTANT: If Data Platform and User Console aren’t on the same host, these steps must be completed in the Internet Information Services (IIS) Manager settings for both Data Platform and User Console.
on Dec 24, 2019 03:22 AM - edited on Mar 29, 2024 11:49 AM by HollyM