Waketime Payment Gateway Vulnerability
High
## Vulnerability Details
Summary: Waketime's payment gateway does not encrypt data in transit, which could allow an attacker to intercept and capture card information. This vulnerability could be exploited by a man-in-the-middle (MITM) attack, in which the attacker would insert themselves between the user and the payment gateway, intercepting the data as it is transmitted.
Steps to Reproduce:
1. Visit the Waketime website.
2. Proceed to subscribe and enter your credit card information.
3. Observe that the data is not encrypted in transit.
Expected Results: The data should be encrypted in transit, using a secure protocol.
Actual Results: The data is not encrypted in transit, and could be intercepted by an attacker.
## Impact
A man-in-the-middle attack is a type of cyberattack in which an attacker inserts themselves between two parties, intercepting and modifying the communication between them.
## Report Stats
- Report ID: 2097517
- State: Closed
- Substate: spam
- Upvotes: 1
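
A triage check for the claim made in this report, given as an added example that is not part of the original report or of Waketime's code: it parses a page's HTML, finds forms that contain card fields, and flags any that are served or submitted over plain HTTP. The host `example.test`, the field-name heuristic and the sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

# Heuristic for card-data inputs (assumption: matched against name, id, autocomplete).
CARD_HINT = re.compile(r"(card|cc[-_]?(num|number|exp|csc)|cvv|cvc)", re.I)

class FormAudit(HTMLParser):
    """Collects each <form> with its action and whether it holds card fields."""
    def __init__(self):
        super().__init__()
        self.forms = []       # list of {"action": str, "card": bool}
        self._cur = None      # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "", "card": False}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            hints = " ".join(filter(None, (a.get("name"), a.get("id"), a.get("autocomplete"))))
            if CARD_HINT.search(hints):
                self._cur["card"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit_payment_forms(page_url, html):
    """Return (finding, target_url) pairs for card forms lacking TLS."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    page_https = urlparse(page_url).scheme == "https"
    for form in parser.forms:
        if not form["card"]:
            continue
        # An empty or relative action resolves against the page URL.
        target = urljoin(page_url, form["action"])
        if urlparse(target).scheme != "https":
            findings.append(("cleartext-submit", target))
        elif not page_https:
            # HTTPS target, but the form itself can be rewritten in transit.
            findings.append(("form-served-over-http", target))
    return findings

# Constructed sample pages (hypothetical host, not Waketime markup).
SAMPLE_BAD = '<form action="http://pay.example.test/charge"><input name="card_number"><input name="cvv"></form>'
SAMPLE_OK = '<form action="/charge" method="post"><input autocomplete="cc-number" name="n"></form>'
```

An empty result for the subscribe page, together with an HTTPS page URL, means the card form is both delivered and submitted over TLS.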