Full title: ElasticSearch 1.7.2 Cloud-Azure Insecure Transit Vulnerability 
Category: local exploits
Platform: java
The connection string for ELK cloud-azure plugin contains hardcoded http url with the lack of encryption and certificate validation, therefore it is prone to sniffing and MiTM attacks. A potential attacker with the required access to the network traffic would be able to intercept the content of the indexes snapshots.

# 0day.today @ http://0day.today/