Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
TLS certificate verification is disabled for this service, meaning it will trust any server certificate, even if it’s invalid or fake. This makes HTTPS connections vulnerable to interception and tampering.
Impact#
Attackers could perform man-in-the-middle attacks to intercept or alter sensitive data sent between your service and the server. This compromises data confidentiality and integrity, potentially exposing credentials or allowing unauthorized access.