Channel Accessible By Non Endpoint High

Using insecure gRPC connections in Go code poses security risks of data tampering and unauthorized access. Initializing gRPC clients without encryption via grpc.WithInsecure() allows traffic tampering and server identity spoofing. Creating gRPC servers without specifying credentials via grpc.Creds() also enables insecure connections. To prevent tampering and ensure integrity, encrypt gRPC connections by using grpc.WithTransportCredentials() and grpc.Creds() with valid certificates. Encryption protects confidentiality and integrity of gRPC communication.

Detector ID
go/channel-accessible-by-non-endpoint@v1.0
Category
Common Weakness Enumeration (CWE) external icon