Cleartext Transmission of Sensitive Information

Property
Language: go
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code sends HTTP requests through the grequests client library to unencrypted http:// URLs. Everything in the request and the response, including cookies, bearer tokens, form fields and the response body, crosses the network in the clear and can be read or modified by any on-path observer. Using https:// is the fix; if a host only offers http, treat that as a finding against the host rather than a reason to silence the rule.

Impact

Attackers on the same network could eavesdrop on unencrypted requests and responses, leading to data leaks, credential theft, or session hijacking. This compromises user privacy and can result in regulatory violations or reputational damage to your organization.
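The pre-flight check below is an added example written for this entry; it is not code from the page's rule set or from any project, and it uses Go's standard net/http rather than grequests (the same check can sit in front of any client call, whatever the library). It refuses to send a request whose URL is not https, and it refuses redirects that would move an https request onto http, which is the other way a single cleartext hop appears: Go's default client follows a same-host 3xx to http:// and re-sends the Authorization header and cookies in the clear. The host names are placeholders under example.test and nothing is contacted.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// ErrCleartext is returned for any URL or redirect that would leave TLS.
var ErrCleartext = errors.New("refusing cleartext transport: scheme must be https")

// CheckScheme parses raw and rejects anything that is not an https URL with a
// host. The comparison is case-insensitive because url.Parse accepts
// "HTTPS://", and an attacker-supplied URL may use odd casing to slip past a
// naive strings.HasPrefix check.
func CheckScheme(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if !strings.EqualFold(u.Scheme, "https") || u.Host == "" {
		return nil, fmt.Errorf("%w (got %q)", ErrCleartext, raw)
	}
	return u, nil
}

// RefuseDowngrade is an http.Client CheckRedirect policy. Without it the
// default client follows a 3xx to http:// silently, re-sending headers that
// were only safe under TLS (cookies, Authorization) in the clear.
func RefuseDowngrade(req *http.Request, via []*http.Request) error {
	if len(via) >= 10 {
		return errors.New("stopped after 10 redirects")
	}
	if !strings.EqualFold(req.URL.Scheme, "https") {
		return fmt.Errorf("%w (redirect from %s to %s)", ErrCleartext, via[len(via)-1].URL, req.URL)
	}
	return nil
}

// NewClient returns an http.Client with the downgrade policy installed.
func NewClient() *http.Client {
	return &http.Client{CheckRedirect: RefuseDowngrade}
}

// Get validates the URL before any bytes leave the process, then performs
// the request. The same pre-flight works in front of grequests or any other
// client; nothing here depends on the library.
func Get(c *http.Client, raw string) (*http.Response, error) {
	u, err := CheckScheme(raw)
	if err != nil {
		return nil, err
	}
	return c.Get(u.String())
}

func main() {
	// Placeholder hosts; the rejected cases never reach the network.
	for _, raw := range []string{"http://api.example.test/login", "HTTPS://api.example.test/login"} {
		_, err := CheckScheme(raw)
		fmt.Printf("%-32s -> %v\n", raw, err)
	}
	first, _ := http.NewRequest(http.MethodGet, "https://api.example.test/a", nil)
	downgrade, _ := http.NewRequest(http.MethodGet, "http://api.example.test/b", nil)
	fmt.Println("redirect to http:", RefuseDowngrade(downgrade, []*http.Request{first}))
}
```

The redirect policy matters even when every literal URL in the code base is already https: the server, or whoever answers for it, chooses where the redirect goes.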

Cleartext Transmission of Sensitive Information

Property
Language: html
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: High
Impact Level: Low
Likelihood Level: Low

Description

The code includes links that use http:// instead of https://. Any request the browser makes to such a URL is sent in the clear and can be read or altered on the path; the same applies to script and stylesheet sources and form actions that point at http:// URLs, where the exposure is worse because the page executes or submits what comes back.

Impact

If users follow HTTP links, sensitive information like login credentials or personal details could be exposed to eavesdroppers on the network. Attackers might intercept or alter the content, leading to data theft, account compromise, or malicious redirection.
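The scanner below is an added example, written in Go for this page and not taken from the page's rule set or any tool. It implements the check this entry describes (find attribute values that use the http scheme, report them with line numbers) and the mechanical half of the fix (rewrite them to https), over a small HTML document constructed for the example. The host names under example.test are placeholders.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// attrRe matches href, src, action and formaction attributes whose value uses
// the http scheme. (?i) covers both the attribute name and "HTTP://" casing;
// the value group stops at a quote, whitespace or '>' so it works for quoted
// and unquoted attributes alike. "https://" never matches because its fifth
// character is 's', not ':'.
var attrRe = regexp.MustCompile(`(?i)\b(href|src|action|formaction)\s*=\s*["']?(http://[^"'\s>]+)`)

// Finding is one cleartext reference: the line it sits on, which attribute
// carried it, and the URL as written.
type Finding struct {
	Line int
	Attr string
	URL  string
}

// FindCleartextLinks returns every http:// attribute value in doc, in document
// order, with 1-based line numbers for reporting.
func FindCleartextLinks(doc string) []Finding {
	var out []Finding
	for i, line := range strings.Split(doc, "\n") {
		for _, m := range attrRe.FindAllStringSubmatch(line, -1) {
			out = append(out, Finding{Line: i + 1, Attr: strings.ToLower(m[1]), URL: m[2]})
		}
	}
	return out
}

// UpgradeLinks rewrites every reference found by attrRe to https://. This is
// the mechanical part of the fix; the operator still has to confirm that each
// target actually serves TLS on that path.
func UpgradeLinks(doc string) string {
	return attrRe.ReplaceAllStringFunc(doc, func(match string) string {
		idx := strings.Index(strings.ToLower(match), "http://")
		return match[:idx] + "https://" + match[idx+len("http://"):]
	})
}

// sample is constructed for this example; it is not taken from a real page.
const sample = `<html><head>
<link rel="stylesheet" href="https://cdn.example.test/app.css">
<script src="http://cdn.example.test/analytics.js"></script>
</head><body>
<form action='HTTP://login.example.test/auth' method="post">
  <input name="password" type="password">
</form>
<a href="https://example.test/help">Help</a>
<a href="http://example.test/account">My account</a>
</body></html>`

func main() {
	for _, f := range FindCleartextLinks(sample) {
		fmt.Printf("line %d: %s=%s\n", f.Line, f.Attr, f.URL)
	}
}
```

Of the three findings in the sample, the script source and the form action are the ones that matter most: a script fetched over http can be replaced on the path and runs with the page's privileges, and the form posts the password to whoever answers. For pages served over https, the `upgrade-insecure-requests` Content-Security-Policy directive makes the browser upgrade such subresource and form URLs itself, but it is a backstop rather than a substitute for fixing the markup.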

Cleartext Transmission of Sensitive Information

Property
Language: kotlin
Severity: low
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The code opens a plain TCP socket (java.net.Socket or equivalent) rather than a TLS socket, so every byte written to it crosses the network unencrypted and unauthenticated: anyone on the path can read it, and nothing stops them from altering it. Use SSLSocketFactory.getDefault().createSocket(host, port), or an SSLContext backed by a verified trust store, and set SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") on the socket, since a raw SSLSocket checks the certificate chain but not the host name by default.

Impact

If exploited, attackers on the same network could capture and view confidential data such as passwords or personal information sent through the socket. This can lead to data breaches, loss of user trust, and possible regulatory violations.

Cleartext Transmission of Sensitive Information

Property
Language: java
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The application is making HTTP requests using Java Spring’s RestTemplate to URLs that start with ‘http://’, which sends data over an unencrypted connection. This exposes sensitive information to anyone who can intercept the network traffic.

Impact

If exploited, attackers could eavesdrop on requests and responses, capturing sensitive data such as authentication tokens, personal information, or API keys. This can lead to data breaches, session hijacking, or unauthorized access to user accounts and backend services.

Cleartext Transmission of Sensitive Information

Property
Language: java
Severity: high
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: High

Description

The code disables or overrides TLS certificate verification: typically an X509TrustManager whose checkServerTrusted does nothing, a HostnameVerifier that always returns true, or an SSLContext wired to one of those. The client then completes a handshake with whoever answers, so an on-path attacker presenting any certificate gets an encrypted channel to the victim and a separate one to the real server, and reads or rewrites everything passing between them. The weakness itself is CWE-295 (Improper Certificate Validation); it is listed under CWE-319 because the practical effect on the data is the same as sending it in the clear. The fix is to remove the override and, where a private CA is involved, to trust that CA explicitly rather than trusting everything.

Impact

If exploited, attackers could perform man-in-the-middle attacks, intercepting or altering confidential information such as passwords, personal details, or session tokens. This may lead to data breaches, loss of user trust, and potential regulatory violations.
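The program below is an added example, written in Go for this page rather than taken from the page's rule set or any project; the rule above is for Java, but the behaviour it describes is identical in any TLS stack, and Go lets the three cases run against a real handshake offline. It starts an httptest TLS server whose certificate no system root trusts (standing in for an attacker's or a misconfigured host) and talks to it three ways: with verification on, with verification disabled (the pattern this entry flags, the Go spelling of an empty checkServerTrusted), and with the server's own certificate pinned as the only trusted root (the fix when a private CA is legitimate). It also serves the Kotlin socket entry above, in that a plain socket is the degenerate case: no handshake, no verification, no encryption. The response body is a constructed placeholder.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// Outcome collects what each client configuration got back from the same
// server whose certificate is not signed by any trusted authority.
type Outcome struct {
	DefaultErr     error  // verification on (the default): handshake must fail
	SkipVerifyBody string // InsecureSkipVerify: the vulnerable pattern; reads the body anyway
	PinnedBody     string // explicit RootCAs: the fix; succeeds only for the expected certificate
}

// newUntrustedServer stands in for a host presenting a self-signed or
// attacker-controlled certificate. httptest generates its own test
// certificate, so no system root trusts it.
func newUntrustedServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, "session token: tok_example_constructed") // constructed placeholder
	}))
}

// fetch issues one GET through a transport using cfg (nil means Go's default,
// which verifies the chain and the host name) and returns the body or error.
func fetch(rawURL string, cfg *tls.Config) (string, error) {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	defer client.CloseIdleConnections()
	resp, err := client.Get(rawURL)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// Run performs the three requests and returns the outcomes for inspection.
func Run() (Outcome, error) {
	srv := newUntrustedServer()
	defer srv.Close()

	var o Outcome
	// 1. Default verification rejects the unknown issuer. This is exactly the
	//    behaviour the vulnerable code switches off.
	_, o.DefaultErr = fetch(srv.URL, nil)

	// 2. Verification disabled: the Go equivalent of a Java X509TrustManager
	//    whose checkServerTrusted is empty plus an always-true HostnameVerifier.
	//    Any certificate, from anyone, is accepted and the "secret" is read.
	var err error
	o.SkipVerifyBody, err = fetch(srv.URL, &tls.Config{InsecureSkipVerify: true})
	if err != nil {
		return o, err
	}

	// 3. The fix when the server's CA is legitimately private: trust exactly
	//    that certificate (or CA) instead of disabling verification. Host name
	//    checking stays on, so the same config fails against any other host.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	o.PinnedBody, err = fetch(srv.URL, &tls.Config{RootCAs: pool})
	return o, err
}

func main() {
	o, err := Run()
	if err != nil {
		fmt.Println("unexpected error:", err)
		return
	}
	fmt.Println("default verification:", o.DefaultErr)
	fmt.Println("InsecureSkipVerify   :", o.SkipVerifyBody)
	fmt.Println("pinned RootCAs       :", o.PinnedBody)
}
```

Case 2 and case 3 both return the body, which is why the disabled-verification pattern survives code review: it "works". The difference is only visible when the other end is not who it claims to be, and case 1 is the evidence that the default would have caught that.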

Cleartext Transmission of Sensitive Information

Property
Language: java
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code establishes FTP connections through Spring Integration's FTP session factory (ftpSessionFactory). FTP has no transport encryption: the USER/PASS login on the control channel and every file on the data channel cross the network in plain text and can be read by anyone on the path. Use the FTPS session factory (DefaultFtpsSessionFactory, with the data channel protected by PROT P) or the SFTP session factory, which runs over SSH, instead.

Impact

If exploited, attackers could eavesdrop on network traffic and capture sensitive data like credentials or personal information sent via FTP. This could lead to data breaches, credential theft, and regulatory compliance violations, putting users and the organization at risk.

Cleartext Transmission of Sensitive Information

Property
Language: java
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code creates outgoing connections to FTP servers. FTP transmits the login and every file unencrypted, on both the control and the data channel, so everything sent or received is readable by anyone who can observe the traffic. Replace it with FTPS (explicit TLS via AUTH TLS, plus PROT P so the data channel is encrypted too) or with SFTP over SSH; both authenticate the server as well as encrypting the session.

Impact

Attackers observing network traffic could capture credentials, personal information, or other confidential data sent via FTP. This can result in data breaches, regulatory violations, and compromise of user privacy or system integrity.

Cleartext Transmission of Sensitive Information

Property
Language: java
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code establishes a connection using the Telnet protocol, which has no encryption at all. The login prompt, the password typed in answer to it, and every subsequent command and its output cross the network in cleartext and can be captured by anyone on the path. Replace Telnet with SSH (any SSH client library); if a legacy device only speaks Telnet, confine it to a dedicated management network rather than reaching it across shared infrastructure.

Impact

Attackers could easily capture and read sensitive data transmitted over Telnet, leading to credential theft or exposure of confidential information. This can result in unauthorized access to systems, data breaches, and potential regulatory violations for the organization.
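The parser below is an added example, written in Go for this page and not taken from the page's rule set or any tool. It shows concretely what the two FTP entries and this Telnet entry mean by "captured and read": given a direction-tagged capture of the kind a sniffer or IDS reassembles, it pulls the login out of a cleartext FTP control channel and out of a Telnet session. It also handles the one case in which FTP does protect the login, an explicit FTPS upgrade (AUTH TLS, RFC 4217, which is what an FTPS session factory or client produces): once the server accepts with 234, the rest of the stream is ciphertext and nothing is recoverable. All three captures are constructed for the example; the host, users and passwords are placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

// Record is one direction-tagged chunk of a captured TCP stream, as a
// sniffer or IDS would reassemble it: Dir is "C" for client->server and
// "S" for server->client.
type Record struct {
	Dir  string
	Data string
}

// Cred is a credential recovered from a cleartext session.
type Cred struct {
	Proto, User, Pass string
}

// ExtractFTP walks an FTP control-channel capture (RFC 959) and returns the
// USER/PASS pair if it crossed the wire in the clear. If the client asked for
// an explicit TLS upgrade with AUTH TLS (RFC 4217) and the server accepted
// with a 234 reply, everything that follows is ciphertext, so nothing can be
// recovered; a non-234 reply means the upgrade failed and the client carried
// on in cleartext.
func ExtractFTP(recs []Record) (Cred, bool) {
	cred := Cred{Proto: "ftp"}
	pendingAuth := false
	for _, r := range recs {
		for _, line := range strings.Split(strings.TrimRight(r.Data, "\r\n"), "\r\n") {
			switch {
			case r.Dir == "C" && strings.EqualFold(line, "AUTH TLS"):
				pendingAuth = true
			case r.Dir == "S" && pendingAuth && strings.HasPrefix(line, "234"):
				return Cred{}, false // TLS handshake follows; the login is encrypted
			case r.Dir == "S" && pendingAuth:
				pendingAuth = false // upgrade refused; session stays in the clear
			case r.Dir == "C" && len(line) > 5 && strings.EqualFold(line[:5], "USER "):
				cred.User = line[5:]
			case r.Dir == "C" && len(line) > 5 && strings.EqualFold(line[:5], "PASS "):
				cred.Pass = line[5:]
				return cred, cred.User != ""
			}
		}
	}
	return Cred{}, false
}

// ExtractTelnet recovers a login from a Telnet capture. Telnet has no login
// command at all: the server prints a prompt and the client types the answer,
// so each client line is paired with the most recent server prompt. Assumed:
// the capture was reassembled into whole lines and Telnet option negotiation
// (IAC sequences) was stripped beforehand.
func ExtractTelnet(recs []Record) (Cred, bool) {
	cred := Cred{Proto: "telnet"}
	prompt := ""
	for _, r := range recs {
		if r.Dir == "S" {
			prompt = strings.ToLower(r.Data)
			continue
		}
		answer := strings.TrimRight(r.Data, "\r\n")
		switch {
		case strings.Contains(prompt, "password:"):
			cred.Pass = answer
			return cred, cred.User != ""
		case strings.Contains(prompt, "login:") || strings.Contains(prompt, "username:"):
			cred.User = answer
		}
	}
	return Cred{}, false
}

// The captures below are constructed for this example, not real traffic.
var ftpPlain = []Record{
	{"S", "220 ftp.example.test ready\r\n"},
	{"C", "USER alice\r\n"},
	{"S", "331 Password required for alice\r\n"},
	{"C", "PASS s3cret!\r\n"},
	{"S", "230 Login successful\r\n"},
}

var ftpExplicitTLS = []Record{
	{"S", "220 ftp.example.test ready\r\n"},
	{"C", "AUTH TLS\r\n"},
	{"S", "234 Proceed with negotiation\r\n"},
	// A TLS handshake follows; USER/PASS still happen but are not visible on
	// the wire, so the cleartext capture ends here.
}

var telnetPlain = []Record{
	{"S", "router login: "},
	{"C", "bob\r\n"},
	{"S", "Password: "},
	{"C", "hunter2\r\n"},
	{"S", "router> "},
}

func main() {
	c, leaked := ExtractFTP(ftpPlain)
	fmt.Printf("ftp (plain)    leaked=%-5v %+v\n", leaked, c)
	c, leaked = ExtractFTP(ftpExplicitTLS)
	fmt.Printf("ftp (AUTH TLS) leaked=%-5v %+v\n", leaked, c)
	c, leaked = ExtractTelnet(telnetPlain)
	fmt.Printf("telnet (plain) leaked=%-5v %+v\n", leaked, c)
}
```

The point of the FTPS case is that the fix is checkable on the wire: a capture of a correctly configured client shows AUTH TLS, a 234 reply and then nothing readable, and the same holds for SFTP or SSH, where the capture never contains a prompt at all.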

Cleartext Transmission of Sensitive Information

Property
Language: java
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Low

Description

The code sets the system property 'sun.security.ssl.allowUnsafeRenegotiation' to true. This re-enables the pre-RFC 5746 renegotiation behaviour, in which a renegotiated handshake is not cryptographically bound to the session it occurs in, so the JVM will accept renegotiation from peers that do not support the secure renegotiation extension. The property defaults to false and should be left that way; a peer that needs the unsafe mode needs updating, not accommodating.

Impact

With unsafe renegotiation allowed, an attacker holding a man-in-the-middle position can open their own connection to the server, send a chosen prefix, and then splice the victim's handshake into that connection as a renegotiation; the server sees attacker data followed by the victim's authenticated request as one continuous stream (the TLS renegotiation attack, CVE-2009-3555). Depending on the application this lets the attacker issue requests with the victim's credentials or read data meant for the victim, putting both user data and application integrity at risk.

Cleartext Transmission of Sensitive Information

Property
Language: java
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Medium

Description

The code establishes socket connections to servers over protocols that have no transport encryption (HTTP, FTP, Telnet), so whatever is written to the socket, credentials included, is exposed to interception. Each has a replacement that both encrypts and authenticates the peer: HTTPS, FTPS or SFTP, and SSH respectively. The rule keys on the protocol or port in use, which is why its confidence is low: confirm what is actually written to the socket before closing the finding.

Impact

Attackers on the same network can easily intercept and read sensitive information sent over these connections, leading to data breaches, compromised user accounts, or exposure of confidential application data. This can result in loss of user trust, regulatory violations, and damage to organizational reputation.