Use of Cleartext Protocols
Leverage searches that detect cleartext network protocols that may leak credentials or should otherwise be encrypted.
- Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Datamodel: Network_Traffic
- Last Updated: 2017-09-15
- Author: Bhavin Patel, Splunk
- ID: 826e6431-aeef-41b4-9fc0-6d0985d65a21
Various legacy protocols operate in the clear by default, without the protection of encryption. Anyone who can passively sniff the network traffic can read the sensitive information these protocols carry. Depending on the protocol, this information could be highly sensitive or could allow for session hijacking. In addition, these protocols send authentication information unencrypted, which allows usernames and passwords to be harvested and potentially used to authenticate to and compromise secondary systems.
| Name | Technique | Type |
|---|---|---|
| Protocols passing authentication in cleartext | | TTP |

Version: 1