DX UIM: Web Server Uses Plain-Text Form Based Authentication

Article ID: 409309

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Security teams may report the following finding against the DX UIM OC Wasp application:

The web server uses plain-text form-based authentication. A page on the target host contains an HTML login form, and the data submitted through it travels from the client to the server in plain text.

Environment

DX UIM 23.4.*

Cause

Working as designed

Resolution

DX UIM does not implement custom client-side mechanisms to encrypt data or otherwise prevent plain-text transmission over HTTP. Attempts to encode or encrypt credentials in the browser before submission have repeatedly proven limited and ineffective as a security control: the encoding logic and any key it uses are delivered to the client, so anyone able to observe the traffic can also obtain what is needed to reverse it.

The supported solution is HTTPS, which encrypts the entire communication channel between browser and server. This protects the login form submission, along with all other traffic, against network sniffing and the unauthorized access it would enable.

For guidance on configuring HTTPS, see the Techdocs topic: Configure HTTPS in Admin Console or Operator Console (Authority-Signed Certificate).
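The finding above is usually raised by a scanner that fetches a page, locates a form containing a password field, and checks whether the URL that form posts to uses http:// rather than https://. The check below reproduces that logic so a security team can confirm, after enabling HTTPS, that the login page no longer submits credentials in plain text. It is an added example and is not DX UIM code or a DX UIM tool; the hostname oc.example.internal, the paths, and the sample HTML are constructed and do not reflect the product's real markup.

```python
"""Flag login forms that would submit credentials over plain HTTP.

Added example, not part of DX UIM or the article. It mirrors the check
behind a "plain-text form based authentication" finding: find forms that
contain a password input and report those whose resolved action URL is http://.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormScanner(HTMLParser):
    """Collects the resolved action URL of every <form> that has a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self._current = None       # action URL of the form currently open, if any
        self._has_password = False
        self.login_actions = []    # resolved action URLs of forms with a password input

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action means "post back to the page itself",
            # so resolve relative to the URL the page was fetched from.
            self._current = urljoin(self.page_url, a.get("action") or "")
            self._has_password = False
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            if self._has_password:
                self.login_actions.append(self._current)
            self._current = None


def plaintext_login_forms(page_url, html):
    """Return action URLs of login forms that would send credentials over http://.

    page_url is the URL the HTML was fetched from; relative actions resolve against it,
    so a page served over HTTPS with a relative action is reported as safe, while a
    page served over HTTPS whose form posts to an absolute http:// URL is still flagged.
    """
    scanner = _FormScanner(page_url)
    scanner.feed(html)
    return [u for u in scanner.login_actions if urlsplit(u).scheme.lower() == "http"]


# Constructed sample markup (hypothetical, not DX UIM's real login page).
SAMPLE_LOGIN_HTML = """
<html><body>
<form method="post" action="/j_security_check">
  <input type="text" name="j_username">
  <input type="password" name="j_password">
  <input type="submit" value="Log in">
</form>
</body></html>
"""

# Constructed page served over HTTPS whose login form posts to an absolute http:// URL.
MIXED_HTML = """
<form method="post" action="http://oc.example.internal/login">
  <input name="user"><input type="PASSWORD" name="pw">
</form>
<form method="get" action="/search"><input name="q"></form>
"""

if __name__ == "__main__":
    for url, html in [
        ("http://oc.example.internal/login", SAMPLE_LOGIN_HTML),    # finding
        ("https://oc.example.internal/login", SAMPLE_LOGIN_HTML),   # ok after HTTPS
        ("https://oc.example.internal/portal", MIXED_HTML),         # finding: mixed content
    ]:
        findings = plaintext_login_forms(url, html)
        print(f"{'FINDING' if findings else 'ok':8} {url} -> {findings}")
```

Run it against the HTML of your own Operator Console login page, passing the URL you fetched it from, before and after enabling HTTPS; an empty result for the https:// URL means the form no longer submits credentials in plain text. Note that the check only examines the form's action URL: it does not verify certificate validity or that http:// requests are redirected to https://, both of which should be confirmed separately.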