[Web Application Transmits Login Credentials Without Encryption]

Padlock shows closed, site is working correctly and passed PCI scan. Whew 

 

I attached an image of my SSL page in store settings for your review.  I'm just happy it's fixed and maybe this will help someone else out in the future.

 

Thanks!!

[Web Application Transmits Login Credentials Without Encryption]

Ok - having HG implement mod_rewrite directives that would redirect these requests to https.  Running another scan now.  Will post back soon with the results.  Fingers crossed

[Web Application Transmits Login Credentials Without Encryption]

Still failed PCI Scan ....

PCI Scan says...There is a web application running on this host that transmits login credentials over HTTP, which is a clear-text protocol. As such, if an attacker was able to intercept traffic containing login credentials, it would be trivial to view user account and password information. Location: http://www.bugeyed.net/admin.php

When I type http://www.bugeyed.net/admin.phpI do not automatically get redirected to the HTTPS and can log in under the http still.  Any ideas?

 

[Web Application Transmits Login Credentials Without Encryption]

I did change the store settings to force SSL on all CubeCart pages yesterday and that did not seem to be working at the time.  Now it looks like that part is working so I will run another PCI scan and post the results later today.  Thanks!

[Web Application Transmits Login Credentials Without Encryption]

My site bugeyed.net has an SSL Certificate applied to it but failed the PCI compliance scan with this error..[There is a web application running on this host that transmits login credentials over HTTP, which is a clear-text protocol. As such, if an attacker was able to intercept traffic containing login credentials, it would be trivial to view user account and password information.] Their recomendation is to....[All web application communications containing sensitive information should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP to HTTPS is utilized in an attempt to remediate this finding, please ensure that such redirection occurs on the server side of the system (for example via the use of the HTTP "Location" header element) and that redirection is not reliant upon the client (browser) side.]

I have already spoken with HG and they tried to edit the .htaccess file but said that wasn't working - it was putting it in a loop because of the #### Rewrite rules for SEO functionality ####

Any ideas for the best way to redirect the http to an https login page?

Thanks in advance!