Cleartext Transmission of Sensitive Information

Language: generic
Severity: low
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

This nginx configuration sets up redirects without explicitly specifying the ‘https’ scheme. As a result, users may be redirected over unencrypted HTTP, exposing sensitive data in transit.

Impact

If exploited, attackers could intercept or modify traffic during redirects, leading to the exposure of passwords, personal information, or session cookies. This weakens user privacy and can put the organization at risk of data breaches or compliance violations.

Cleartext Transmission of Sensitive Information

Language: go
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Low

Description

The server is started using HTTP without TLS encryption, which means all data sent between clients and the server is transmitted in plain text. This exposes sensitive information to anyone who can intercept the network traffic.

Impact

Without TLS, attackers can eavesdrop on or tamper with data exchanged between users and the server, potentially stealing credentials, session tokens, or personal data. This can lead to data breaches, user impersonation, and loss of trust in your application.

Cleartext Transmission of Sensitive Information

Language: go
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code is making outbound connections to FTP servers using the ftp package. FTP transmits data, including sensitive information like credentials, in plain text without encryption, making it vulnerable to interception.

Impact

Attackers on the network can eavesdrop on FTP traffic and capture sensitive data such as usernames, passwords, or personal information. This can lead to data breaches, account compromise, and regulatory violations due to exposure of confidential user data.

Cleartext Transmission of Sensitive Information

Language: go
Severity: high
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: High
Impact Level: Medium
Likelihood Level: High

Description

The code sets the minimum TLS version to an outdated and insecure protocol (TLS 1.0, TLS 1.1, or SSL 3.0) when creating a tls.Config object. These protocols are deprecated and no longer provide adequate protection for data in transit.

Impact

Using insecure TLS versions exposes sensitive information to attackers who can exploit known weaknesses (like POODLE or man-in-the-middle attacks) to intercept, read, or modify data sent between clients and servers. This can lead to data breaches, credential theft, and compliance violations.

Cleartext Transmission of Sensitive Information

Language: go
Severity: high
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: High

Description

The application is making HTTP requests using the gorequest library without encryption. This exposes any data sent or received—including sensitive information like personal details or credentials—to interception by attackers on the network.

Impact

If exploited, attackers could eavesdrop on or manipulate data transmitted between your application and external servers. This could lead to sensitive user information being stolen, account compromise, or regulatory violations due to unprotected data in transit.

Cleartext Transmission of Sensitive Information

Language: go
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code connects to a Telnet server using the ‘telnet’ package, which transmits data—including potentially sensitive information—unencrypted over the network. This exposes all communication to interception by attackers.

Impact

If exploited, attackers could intercept and read credentials or other confidential data sent over Telnet, leading to account compromise, data leaks, or unauthorized system access. This can seriously undermine the application’s security and put user or organizational data at risk.

Cleartext Transmission of Sensitive Information

Language: go
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code is making HTTP requests to URLs that use ‘http://’ instead of ‘https://’, meaning data sent and received is not encrypted. This exposes sensitive information to anyone who can intercept network traffic.

Impact

An attacker could intercept or modify data exchanged between your application and the server, potentially stealing credentials, session tokens, or other confidential information. This can lead to data breaches, account compromise, and loss of user trust.

Cleartext Transmission of Sensitive Information

Language: go
Severity: high
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: High

Description

Disabling TLS/SSL certificate verification (e.g., setting InsecureSkipVerify to true) allows connections to proceed without checking if the server’s identity is authentic. This makes the application trust any server, even malicious ones.

Impact

Attackers can intercept or modify sensitive data in transit through man-in-the-middle attacks, potentially stealing credentials or injecting malicious content. This compromises user privacy, data integrity, and can lead to broader system breaches.
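
The effect of the two TLS settings flagged above (an outdated minimum version and InsecureSkipVerify) can be observed against a loopback test server. This is an added example, not code from the original page; the helper names startServer and probe are hypothetical, and the certificate is the throwaway one built into Go's httptest package.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// startServer starts a loopback HTTPS test server that refuses anything below
// TLS 1.2 and returns a pool that trusts only that server's certificate.
func startServer() (*httptest.Server, *x509.CertPool) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "ok") }))
	srv.TLS = &tls.Config{MinVersion: tls.VersionTLS12}
	srv.StartTLS()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	return srv, pool
}

// probe sends one GET with the given client TLS settings and returns the
// negotiated protocol version, or an error if the handshake was refused.
func probe(url string, cfg *tls.Config) (uint16, error) {
	tr := &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.TLS.Version, nil
}

func main() {
	srv, pool := startServer()
	defer srv.Close()
	cfgs := []*tls.Config{
		{}, // default verification: the test cert is untrusted, so this fails
		{InsecureSkipVerify: true}, // flagged: succeeds without authenticating the server
		{RootCAs: pool, MinVersion: tls.VersionTLS12}, // verified and modern: succeeds
		{RootCAs: pool, MinVersion: tls.VersionTLS10, MaxVersion: tls.VersionTLS11}, // flagged: refused by the server
	}
	for i, cfg := range cfgs {
		v, err := probe(srv.URL, cfg)
		fmt.Printf("case %d: version=%#x err=%v\n", i, v, err)
	}
}
```

Only the second case connects with no evidence of who is on the other end, which is why the rule treats it as equivalent to cleartext.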

Cleartext Transmission of Sensitive Information

Language: go
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code is making HTTP requests using the ‘sling’ library over unencrypted (http://) connections instead of secure (https://) ones. This exposes any data sent—including sensitive information like personal details or credentials—to interception by attackers.

Impact

An attacker could intercept and read or modify data transmitted between your application and external services, leading to sensitive information leakage, compromised user privacy, or unauthorized actions. This can result in data breaches, regulatory violations, and loss of user trust.

Cleartext Transmission of Sensitive Information

Language: go
Severity: medium
CWE: CWE-319: Cleartext Transmission of Sensitive Information
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code sends HTTP requests to URLs starting with ‘http://’ instead of ‘https://’, meaning data is transmitted without encryption. This exposes any information sent or received to interception by attackers.

Impact

If exploited, sensitive data such as credentials, tokens, or personal information could be stolen by attackers monitoring network traffic. This may lead to data breaches, unauthorized access, or compromise of user accounts and services.
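
For the outbound ‘http://’ findings above, a runtime guard can complement the static check by also catching a redirect that downgrades an https request to http. This is an added example, not code from the original page: HTTPSOnly, ErrCleartext, stubUpstream and the api.example.test URLs are hypothetical, and the stub replaces the network so the example runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// ErrCleartext marks a request blocked for not using https (hypothetical name).
var ErrCleartext = errors.New("cleartext request blocked")

// HTTPSOnly (hypothetical) is consulted by http.Client for every redirect hop too.
type HTTPSOnly struct{ Base http.RoundTripper }

func (t HTTPSOnly) RoundTrip(req *http.Request) (*http.Response, error) {
	if !strings.EqualFold(req.URL.Scheme, "https") {
		return nil, fmt.Errorf("%w: %s", ErrCleartext, req.URL.Redacted())
	}
	return t.Base.RoundTrip(req)
}

// stubUpstream is constructed: /login redirects to http://, the rest returns 200.
type stubUpstream struct{}

func (stubUpstream) RoundTrip(req *http.Request) (*http.Response, error) {
	resp := &http.Response{StatusCode: 200, Header: http.Header{}, Body: http.NoBody, Request: req}
	if req.URL.Path == "/login" {
		resp.StatusCode = http.StatusFound
		resp.Header.Set("Location", "http://api.example.test/login")
	}
	return resp, nil
}

// fetch issues a GET through the guarded client and returns the final status.
func fetch(url string) (int, error) {
	resp, err := (&http.Client{Transport: HTTPSOnly{Base: stubUpstream{}}}).Get(url)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	for _, u := range []string{"http://api.example.test/data", "https://api.example.test/data", "https://api.example.test/login"} {
		code, err := fetch(u)
		fmt.Println(u, code, err)
	}
}
```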