Ignored unknown packet

Newbie here for Wireshark :)

During a pentest someone did for us, they came to the conclusion that sometimes our TLS 1.2 traffic is in cleartext. I'm trying to figure out whether this is a poorly written app which seems (according to the pcap file of the pentester) to send information over TLS 1.2 in clear text or that something else is going on.

It states about 4200 "ignored unknown packet" messages. Some of the pcap lines do indeed contain readable information which is supposed to be encrypted. (password, username are visible)

Is this perhaps a setting that Wireshark is decrypting packets? Or might the app be sending unencrypted info via TLS 1.2?