We have received audit observation "It was observed that password is transmitting in a clear text. Any attacker/malicious user can intercept the application traffic and can get sensitive information of CA Service Desk application.
Release : 17.x
Component : CA Service Desk
When an attacker takes control of the client browser and installs a proxy to "steal the traffic" between the client browser and server, can view the information including clear text log-in password since the payload was redirected before submission to the SSL tunnel.
Ideally when SSL configuration is enabled on SDM, the communication between the client browser and the application server always encrypted over SSL and can't be viewed in plain text. However there is a chance that when attacker takes control over the browser and installs proxy to steal the traffic, then the attacker can view the information including login/password. But this is much more dangerous than just stealing the password because attacker can get any information. Based on the analysis done earlier on similar cases, it is recommended to use SAML authentication as it provides improved defense since the SAML handshake process is relatively more secure.
In addition to SAML authentication customers can always go with 2F/multi factor authentication based on security teams recommendations.