Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code is making HTTP requests to URLs that use ‘http://’ instead of ‘https://’, meaning data sent and received is not encrypted. This exposes sensitive information to anyone who can intercept network traffic.
Impact#
An attacker could intercept or modify data exchanged between your application and the server, potentially stealing credentials, session tokens, or other confidential information. This can lead to data breaches, account compromise, and loss of user trust.