Cleartext credentials over unencrypted channel should not be accepted for the operation

Description

Sending credentials over HTTP in cleartext exposes API calls to attacks including man-in-the-middle attacks. Ensure that you are using an encrypted channel for sending credentials.

Code Example

yaml

components:
securitySchemes:
-    unencryptedScheme:
-      type: http
-      scheme: basic
paths:
"/":
get:
security:
-        - unencryptedScheme: []

Remediation

OpenAPI

Ensure that you aren't using the unencryptedScheme. For example:

Rule Details

Field	Value
ID	IAC-1259
Severity	HIGH
IaC Type	OpenAPI
Frameworks	OpenAPI
Checkov ID	CKV_OPENAPI_3

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Cleartext credentials over unencrypted channel should not be accepted for the operation

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Cleartext credentials over unencrypted channel should not be accepted for the operation ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Cleartext credentials over unencrypted channel should not be accepted for the operation

Description

Code Example

Remediation

Rule Details

References