Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code is making outbound connections to FTP servers using the ftp package. FTP transmits data, including sensitive information like credentials, in plain text without encryption, making it vulnerable to interception.
Impact#
Attackers on the network can eavesdrop on FTP traffic and capture sensitive data such as usernames, passwords, or personal information. This can lead to data breaches, account compromise, and regulatory violations due to exposure of confidential user data.