Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
Disabling TLS/SSL certificate verification (e.g., setting InsecureSkipVerify to true) allows connections to proceed without checking whether the server's identity is authentic. The application then trusts any server, including a malicious one.
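The weak setting beside two verified configurations, as an added example that is not part of the original rule text; it is written in Go because InsecureSkipVerify is a field of Go's crypto/tls.Config. The helper names newClient, probe and demo are hypothetical, and the local httptest server is a constructed stand-in for a peer whose certificate is not in the system trust store.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newClient builds an HTTP client around the given TLS settings.
func newClient(cfg *tls.Config) *http.Client {
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}}
}

// probe returns nil only if the TLS handshake and the request succeed.
func probe(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// demo connects to a constructed local server (certificate not issued by
// any system root) with three client configurations.
func demo() (insecure, defaults, pinned error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()

	// Weak: verification disabled, so any certificate is accepted.
	insecure = probe(newClient(&tls.Config{InsecureSkipVerify: true}), srv.URL)

	// Default: chain and host name are verified against the system roots.
	defaults = probe(newClient(&tls.Config{MinVersion: tls.VersionTLS12}), srv.URL)

	// Corrected for a private CA: trust it explicitly, keep verification on.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	pinned = probe(newClient(&tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}), srv.URL)
	return
}

func main() {
	i, d, p := demo()
	fmt.Printf("InsecureSkipVerify: %v\ndefault: %v\nRootCAs: %v\n", i, d, p)
}
```

When a service uses an internal CA, adding that CA to RootCAs keeps chain and host name checks in force, which InsecureSkipVerify removes.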
Impact
Attackers can intercept or modify sensitive data in transit through man-in-the-middle attacks, potentially stealing credentials or injecting malicious content. This compromises user privacy and data integrity, and can lead to broader system breaches.