Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language | java |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code creates outgoing connections to FTP servers, which transmit all data—including potentially sensitive information—unencrypted over the network. This exposes user data to anyone who can intercept network traffic.
Impact#
Attackers observing network traffic could capture credentials, personal information, or other confidential data sent via FTP. This can result in data breaches, regulatory violations, and compromise of user privacy or system integrity.