Cleartext Transmission of Sensitive Information

Property
Language: python
Severity: low
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Low
Likelihood Level: Low

Description

The code is making HTTP requests using ‘http://’ instead of ‘https://’. This means data sent and received is not encrypted, exposing it to anyone monitoring the network.

Impact

If an attacker intercepts this unencrypted traffic, they could steal sensitive information like login credentials or personal data, or tamper with the communication. This puts users and the application’s security at significant risk.

Cleartext Transmission of Sensitive Information

Property
Language: python
Severity: low
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Low
Likelihood Level: Low

Description

The code is making HTTP requests using ‘http://’ instead of ‘https://’, which means data sent and received is not encrypted. This exposes sensitive information, such as credentials or personal data, to interception over the network.

Impact

If exploited, attackers could intercept or modify unencrypted data in transit, leading to information theft, session hijacking, or manipulation of application behavior. This can compromise user privacy and the security of your application and its users.

Cleartext Transmission of Sensitive Information

Property
Language: python
Severity: low
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

Using ftplib.FTP transmits all data, including login credentials, in plain text over the network. This exposes sensitive information to anyone who can intercept the traffic. To secure data in transit, use ftplib.FTP_TLS instead.

Impact

If exploited, attackers could intercept and read usernames, passwords, and any files transferred between the client and server. This can lead to unauthorized access, data theft, or further compromise of user accounts and internal systems.

Cleartext Transmission of Sensitive Information

Property
Language: python
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code is using urllib3’s HTTPConnectionPool, which sends data over an unencrypted HTTP connection. This exposes any transmitted information to potential eavesdropping or interception.

Impact

Sensitive data such as credentials or personal information could be intercepted by attackers on the network, leading to data breaches, account compromise, or loss of user trust. Using unencrypted HTTP makes it easy for attackers to view or manipulate traffic between the application and remote servers.
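
The Python entries above each describe a source pattern that a static check can find. The following sketch is an added example, not the scanner's own rule code: it walks the AST, resolves import aliases, and flags `ftplib.FTP`, urllib3's `HTTPConnectionPool`, and `http://` string literals passed to calls. The names `find_cleartext`, `dotted_name` and the sample source are assumptions made for illustration.

```python
import ast

# Cleartext constructors named in the entries above -> encrypted counterpart.
CLEARTEXT_CALLS = {
    "ftplib.FTP": "ftplib.FTP_TLS",
    "urllib3.HTTPConnectionPool": "urllib3.HTTPSConnectionPool",
}
CLEARTEXT_SCHEME = "http://"

def dotted_name(node, aliases):
    """Resolve a call target to 'module.attr', following import aliases."""
    if isinstance(node, ast.Name):
        return aliases.get(node.id, node.id)
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value, aliases)
        return f"{base}.{node.attr}" if base else None
    return None  # e.g. a method on a call result: not resolvable statically

def find_cleartext(source):
    """Return sorted (line, message) findings for CWE-319 patterns in source."""
    tree = ast.parse(source)
    aliases, findings = {}, []
    for node in ast.walk(tree):  # pass 1: map local names to what they import
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            mod = getattr(node, "module", None)
            for a in node.names:
                aliases[a.asname or a.name] = f"{mod}.{a.name}" if mod else a.name
    for node in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):  # pass 2
        name = dotted_name(node.func, aliases)
        if name in CLEARTEXT_CALLS:
            findings.append((node.lineno, f"{name}: use {CLEARTEXT_CALLS[name]}"))
        for arg in list(node.args) + [k.value for k in node.keywords]:
            if (isinstance(arg, ast.Constant) and isinstance(arg.value, str)
                    and arg.value.lower().startswith(CLEARTEXT_SCHEME)):
                findings.append((node.lineno, f"cleartext URL {arg.value!r}"))
    return sorted(findings)

# Constructed sample input (hypothetical hosts, not from any real code base).
SAMPLE = '''
import requests, urllib3
from ftplib import FTP as F
requests.post("http://api.example.test/login", data={"u": "a"})
requests.get("https://api.example.test/ok")
ftp = F("files.example.test")
pool = urllib3.HTTPConnectionPool("example.test", port=80)
'''

if __name__ == "__main__":
    print(*find_cleartext(SAMPLE), sep="\n")
```

URLs assembled at runtime (concatenation, configuration values, environment variables) are invisible to a literal match like this one, so a clean result does not prove that no cleartext request is made.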

Cleartext Transmission of Sensitive Information

Property
Language: ruby
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code sends HTTP requests to URLs using unencrypted (http) connections with libraries like HTTParty or RestClient. This exposes any transmitted data—including sensitive information—to interception by attackers on the network.

Impact

If exploited, attackers can eavesdrop on or manipulate the data sent between your application and external services, potentially stealing user credentials, session tokens, or other confidential data. This puts both your users and the application at risk of data breaches, account compromise, or man-in-the-middle attacks.

Cleartext Transmission of Sensitive Information

Property
Language: ruby
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

Using the ‘net/ftp’ package to connect to FTP servers sends all data, including credentials and files, over the network without encryption. This exposes sensitive information to anyone who can monitor network traffic.

Impact

An attacker could intercept users’ credentials or confidential data transmitted via FTP, leading to unauthorized access, data breaches, or compliance violations. This puts both user privacy and organizational security at risk.

Cleartext Transmission of Sensitive Information

Property
Language: ruby
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code is making HTTP or FTP requests using OpenURI without encryption, which means data sent or received can be intercepted by attackers. Using unencrypted protocols exposes sensitive information during transmission.

Impact

An attacker on the network could eavesdrop on or tamper with the data being transferred, potentially stealing credentials, personal information, or modifying content. This can lead to data breaches, user impersonation, or compromised application integrity.

Cleartext Transmission of Sensitive Information

Property
Language: ruby
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code sends HTTP requests to URLs using ‘http://’ instead of ‘https://’, meaning the data is transmitted without encryption. This exposes any information sent or received to interception by attackers.

Impact

Sensitive data such as login credentials, personal information, or session tokens can be intercepted and read by attackers on the network. This can lead to account compromise, data theft, and severe privacy violations for users or the organization.

Cleartext Transmission of Sensitive Information

Property
Language: ruby
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code creates or connects to a Telnet server, which transmits all data—including credentials—in clear text without encryption. This makes sensitive information vulnerable to interception by attackers.

Impact

If exploited, attackers can easily capture usernames, passwords, and other confidential data sent over the network. This could lead to unauthorized access, data theft, or further compromise of your systems and users.

Cloud DNS should use DNSSEC

Property
Language: terraform
Severity: medium
Service: dns
Provider: Google
Vulnerability Type: omission

Description

Public Google Cloud DNS managed zones without DNSSEC enabled are not signed, so the authenticity of their DNS responses cannot be validated. This allows attackers to spoof DNS records or intercept DNS traffic.

Impact

Without DNSSEC, attackers could perform man-in-the-middle attacks, redirecting users to malicious sites or intercepting sensitive data by tampering with DNS responses, potentially leading to data breaches or service impersonation.