Sucuri: Usage of HTTP for exporting graph data as images

ID H1:29288
Type hackerone
Reporter webpentest
Modified 2014-11-17T14:30:52


Whenever a user exports his report graph data as a PNG, an unencrypted (plain HTTP) request is sent over to

This enables an attacker in a man-in-the-middle position to sniff and/or replace the exported image.

Also, the whole practice of offloading potentially private user data to an unrelated website is questionable.

Solution: replace with httpS://
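The class of issue described above (a page that hands user data to a plain http:// URL, possibly on a third-party host) is easy to catch with a small audit script. The following is an added example, not code from the report or from Sucuri: it scans HTML for URL-bearing attributes that use http://, flags whether the host differs from the site's own, and shows the http-to-https rewrite the report recommends. The sample page, the hostnames `dashboard.example` and `chart-export.example`, and the `/render` path are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes whose value the browser will fetch from, or submit data to.
URL_ATTRS = {"src", "href", "action", "data"}


class PlainHttpFinder(HTMLParser):
    """Collect every attribute reference that uses the unencrypted http:// scheme."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        # Each finding: (tag, attribute, url, is_third_party)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            parsed = urlparse(value)
            # Relative URLs, https://, data: and similar are not the concern here.
            if parsed.scheme.lower() != "http":
                continue
            host = (parsed.hostname or "").lower()
            self.findings.append((tag, name, value, host != self.own_host))


def find_plain_http(html, own_host):
    """Return all plain-http references in `html`, marking third-party hosts."""
    parser = PlainHttpFinder(own_host)
    parser.feed(html)
    parser.close()
    return parser.findings


def upgrade_to_https(url):
    """Rewrite an http:// URL to https://; any other scheme is returned unchanged."""
    parsed = urlparse(url)
    if parsed.scheme.lower() != "http":
        return url
    return parsed._replace(scheme="https").geturl()


# Constructed sample page: one export image fetched over http from a third-party
# host (the report's scenario), one same-origin script over http, and two safe links.
SAMPLE_HTML = """
<html><body>
  <a href="/reports">Reports</a>
  <form action="https://dashboard.example/export" method="post"></form>
  <img src="http://chart-export.example/render?data=abc123" alt="graph">
  <script src="http://dashboard.example/app.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for tag, attr, url, third_party in find_plain_http(SAMPLE_HTML, "dashboard.example"):
        where = "THIRD-PARTY" if third_party else "same-origin"
        print(f"{tag}[{attr}] {where}: {url} -> {upgrade_to_https(url)}")
```

Running it lists the two plain-http references and their https:// replacements; the third-party flag on the image request is the case the report calls out, since an encrypted transport fixes interception but not the question of whether that data should leave the site at all.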