Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code is making HTTP requests using the ‘sling’ library over unencrypted (http://) connections instead of secure (https://) ones. This exposes any data sent—including sensitive information like personal details or credentials—to interception by attackers.
Impact#
An attacker could intercept and read or modify data transmitted between your application and external services, leading to sensitive information leakage, compromised user privacy, or unauthorized actions. This can result in data breaches, regulatory violations, and loss of user trust.