Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code establishes socket connections to servers using insecure protocols like HTTP, FTP, or Telnet, which send data without encryption. This exposes any transmitted information, such as credentials or sensitive data, to interception.
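The pattern described above next to a TLS-protected equivalent, as an added example (not code from this rule's own documentation). The class name, method names, request path and token value are hypothetical, and the host is supplied on the command line.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class TransportExample {

    // Flagged pattern: plain TCP socket to an HTTP port. The request,
    // including the Authorization header, crosses the network unencrypted.
    static void sendCleartext(String host, String token) throws IOException {
        try (Socket socket = new Socket(host, 80)) {
            writeRequest(socket, host, token);
        }
    }

    // Corrected pattern: TLS socket with hostname verification enabled.
    // A raw SSLSocket validates the certificate chain but does not check
    // the hostname unless an endpoint identification algorithm is set.
    static void sendEncrypted(String host, String token) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, 443)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake(); // throws if the certificate or hostname check fails
            writeRequest(socket, host, token);
        }
    }

    private static void writeRequest(Socket socket, String host, String token) throws IOException {
        String request = "GET /account HTTP/1.1\r\n"
                + "Host: " + host + "\r\n"
                + "Authorization: Bearer " + token + "\r\n"
                + "Connection: close\r\n\r\n";
        OutputStream out = socket.getOutputStream();
        out.write(request.getBytes(StandardCharsets.US_ASCII));
        out.flush();
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            System.err.println("usage: java TransportExample <host>");
            return;
        }
        sendEncrypted(args[0], "sample-token-not-a-real-secret"); // constructed sample value
    }
}
```

Switching to `SSLSocket` alone is not enough: without `setEndpointIdentificationAlgorithm("HTTPS")` the handshake accepts any certificate that chains to a trusted root, whatever hostname it was issued for.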
Impact
Attackers on the same network can easily intercept and read sensitive information sent over these connections, leading to data breaches, compromised user accounts, or exposure of confidential application data. This can result in loss of user trust, regulatory violations, and damage to organizational reputation.