Analytics Story: Use of Cleartext Protocols
Description
Leverage searches that detect cleartext network protocols that may leak credentials or should otherwise be encrypted.
Why it matters
Various legacy protocols operate by default in the clear, without the protections of encryption. This potentially leaks sensitive information that can be exploited by passively sniffing network traffic. Depending on the protocol, this information could be highly sensitive, or could allow for session hijacking. In addition, these protocols send authentication information, which would allow for the harvesting of usernames and passwords that could potentially be used to authenticate and compromise secondary systems.
Detections
| Name | Technique | Type |
|---|---|---|
| Protocols passing authentication in cleartext | None | TTP |
Data Sources
| Name | Platform | Sourcetype | Source |
|---|
References
Source: GitHub | Version: 1