Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code sends HTTP requests to URLs starting with ‘http://’ instead of ‘https://’, meaning data is transmitted without encryption. This exposes any information sent or received to interception by attackers.
Impact#
If exploited, sensitive data such as credentials, tokens, or personal information could be stolen by attackers monitoring network traffic. This may lead to data breaches, unauthorized access, or compromise of user accounts and services.