Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code sends HTTP requests using grequests over unencrypted (http://) connections. This exposes sensitive data, such as personal information or credentials, to anyone who can intercept the network traffic.
Impact#
Attackers on the same network could eavesdrop on unencrypted requests and responses, leading to data leaks, credential theft, or session hijacking. This compromises user privacy and can result in regulatory violations or reputational damage to your organization.