Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle malicious users to spoof product updates.