Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
An X509TrustManager whose checkServerTrusted method accepts every certificate chain (typically an empty body that never throws CertificateException) makes the app trust any server certificate, including one presented by an attacker on the network path. The connection still looks like TLS, but because the peer is never authenticated the encryption protects nothing: the attacker terminates TLS with a forged certificate, reads and alters the traffic in cleartext, and re-encrypts it toward the real server. Trust-all managers are usually introduced to get past self-signed certificates in test environments; they must never ship in a production build. If a private CA is required, add that CA to the trust store used by the connection instead of disabling verification.
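The vulnerable pattern this rule flags, beside two ways to fix it, as an added example that is not code from the original page. The target URL and the `private-ca` alias are hypothetical; `privateCaContext` assumes the caller supplies the PEM of the CA it wants to trust, and `main` needs network access to reach the target:

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TlsTrustExample {

    /** VULNERABLE: the pattern flagged by this rule. Every server certificate is accepted. */
    static SSLContext trustAllContext() throws Exception {
        TrustManager[] trustAll = {
            new X509TrustManager() {
                @Override public void checkClientTrusted(X509Certificate[] chain, String authType) {
                    // never throws, so any client certificate is accepted
                }
                @Override public void checkServerTrusted(X509Certificate[] chain, String authType) {
                    // never throws, so an attacker's forged certificate passes
                }
                @Override public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustAll, new SecureRandom());
        return ctx;
    }

    /** FIXED: validate against the platform's default trust store (the system CAs). */
    static SSLContext defaultTrustContext() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);   // null selects the platform default CA store
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), new SecureRandom());
        return ctx;
    }

    /** FIXED for a private or self-signed server: trust exactly one CA shipped with the app. */
    static SSLContext privateCaContext(InputStream caCertPem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca = cf.generateCertificate(caCertPem);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                       // empty in-memory key store
        ks.setCertificateEntry("private-ca", ca);  // hypothetical alias
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);                              // chain must terminate at this CA
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), new SecureRandom());
        return ctx;
    }

    /** Opens a connection with the chosen context; hostname verification is left at the default. */
    static HttpsURLConnection open(URL url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Do not pair this with a HostnameVerifier that always returns true;
        // that is the same class of bypass as the trust-all manager above.
        return conn;
    }

    public static void main(String[] args) throws Exception {
        URL url = new URL("https://example.com/");   // hypothetical target
        HttpsURLConnection conn = open(url, defaultTrustContext());
        System.out.println("HTTP " + conn.getResponseCode() + " over " + conn.getCipherSuite());
    }
}
```

When hunting for this in a code base, look for X509TrustManager implementations whose checkServerTrusted body is empty or catches and drops CertificateException, for HostnameVerifier implementations that unconditionally return true, and for calls that install such a context globally through SSLContext.setDefault or HttpsURLConnection.setDefaultSSLSocketFactory, since a single global install affects every HTTPS connection in the process.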
Impact
An attacker positioned on the network path (a rogue Wi-Fi access point, a compromised router, or a captive portal) can present any certificate and the app will accept it, so the attacker can perform a man-in-the-middle (MITM) attack to intercept, read, or modify all data exchanged between the app and its servers. This exposes user credentials, session tokens, personal information, and other sensitive data, and lets the attacker inject tampered responses, resulting in data breaches and loss of user trust.