Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code connects to a Telnet server using the ’telnet’ package, which transmits data—including potentially sensitive information—unencrypted over the network. This exposes all communication to interception by attackers.
Impact#
If exploited, attackers could intercept and read credentials or other confidential data sent over Telnet, leading to account compromise, data leaks, or unauthorized system access. This can seriously undermine the application’s security and put user or organizational data at risk.