Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The server is started using HTTP without TLS encryption, which means all data sent between clients and the server is transmitted in plain text. This exposes sensitive information to anyone who can intercept the network traffic.
Impact#
Without TLS, attackers can eavesdrop on or tamper with data exchanged between users and the server, potentially stealing credentials, session tokens, or personal data. This can lead to data breaches, user impersonation, and loss of trust in your application.