This article is a part of our Web Security Knowledge Base.
Why “HTTPS to HTTP Insecure Transition in Form Post” can be dangerous
A page served over insecure HTTP is an easy target for hijacking through a man-in-the-middle attack, which makes it possible for the attacker to replace or spoof the secure HTTPS forms it hosts. This could disclose the sensitive data that users enter into those forms. It can also result in credential leakage, giving eavesdroppers an opportunity to perform unauthorised actions.
How to fix “HTTPS to HTTP Insecure Transition in Form Post”
Use HTTPS for pages which host secure forms.
How does ScanRepeat report “HTTPS to HTTP Insecure Transition in Form Post”
ScanRepeat looks for insecure HTTP pages which host HTTPS forms. It reports every occurrence of this vulnerability, providing the URL of the insecure page and pointing to the evidence, which is the HTML form element.
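One way to run the same kind of check on your own pages, as an added example that is not ScanRepeat's code: it takes a page URL and its HTML and reports each form target that resolves to HTTPS while the hosting page is plain HTTP. It goes slightly beyond the text by also resolving `<base href>`, relative actions and `formaction` overrides; the names `FormCollector` and `find_https_forms_on_http_page` and the sample page are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collects <base href> and every form submission target on a page."""
    def __init__(self):
        super().__init__()
        self.base_href = None
        self.targets = []  # (tag, raw target, line number in the HTML)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and self.base_href is None and a.get("href"):
            self.base_href = a["href"]
        elif tag == "form":
            # A missing or empty action submits to the page's own URL.
            self.targets.append((tag, a.get("action") or "", self.getpos()[0]))
        elif tag in ("button", "input") and a.get("formaction"):
            # formaction on a submit control overrides the form's action.
            self.targets.append((tag, a["formaction"], self.getpos()[0]))


def find_https_forms_on_http_page(page_url, html):
    """Return one finding per HTTPS form target hosted on an HTTP page."""
    if urlsplit(page_url).scheme.lower() != "http":
        return []  # the hosting page is not served over plain HTTP
    collector = FormCollector()
    collector.feed(html)
    base = urljoin(page_url, collector.base_href or "")
    findings = []
    for tag, raw, line in collector.targets:
        target = urljoin(base, raw.strip())  # resolves relative and //host forms
        if urlsplit(target).scheme.lower() == "https":
            findings.append({"page": page_url, "element": tag,
                             "line": line, "target": target})
    return findings

SAMPLE_URL = "http://shop.example/login"  # constructed sample, not a real site
SAMPLE_HTML = """<html><body>
<form action="https://shop.example/session" method="post"><input name="pass"></form>
<form action="/search"><input name="q"></form>
<form action="//secure.example/pay" method="post">
<button formaction="https://pay.example/charge">Pay</button></form>
</body></html>"""

if __name__ == "__main__":
    for finding in find_https_forms_on_http_page(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

Each finding carries the page URL, the element type and its line in the HTML, which is the evidence needed to locate the form and move its hosting page to HTTPS.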