Insecure Connection High

Using plain HTTP with ListenAndServe or Serve allows unencrypted connections. This risks interception or modification of data in transit. HTTP traffic should always be encrypted by using ListenAndServeTLS or ServeTLS and providing certificate and key. TLS encrypts all traffic and provides transport layer security, preventing man-in-the-middle attacks. Lack of encryption allows sensitive data to be exposed during transmission.

Detector ID
go/insecure-connection@v1.0
Category
Common Weakness Enumeration (CWE) external icon