Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code establishes FTP connections using Spring’s ftpSessionFactory, which sends data—including potentially sensitive information—over the network in plain text. FTP does not provide encryption, so any data transferred can be intercepted by attackers.
Impact
If exploited, attackers could eavesdrop on network traffic and capture sensitive data like credentials or personal information sent via FTP. This could lead to data breaches, credential theft, and regulatory compliance violations, putting users and the organization at risk.