Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Database connections using Sequelize are established without enforcing TLS/SSL encryption, meaning sensitive data like credentials can be transmitted in plain text over the network. This exposes the connection to interception by attackers.
Impact
Without TLS/SSL, attackers on the network could eavesdrop on or tamper with database traffic, stealing credentials or sensitive data and potentially injecting malicious data. This undermines both data confidentiality and integrity, putting application and user information at risk.
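
The following added example (not code from the original page or from the Sequelize project) audits the options object passed to the Sequelize constructor and reports when TLS is not requested. It goes one step beyond the description by also flagging `rejectUnauthorized: false`, which encrypts the connection but leaves the tampering risk described under Impact. The function name, finding codes, and sample configurations are assumptions made for illustration; it assumes TLS is configured through `dialectOptions.ssl`.

```javascript
// Added example: static check of Sequelize constructor options for TLS settings.
// Assumption: TLS is configured via dialectOptions.ssl, which Sequelize hands to
// the underlying driver. auditSequelizeTls and its finding codes are hypothetical.

function auditSequelizeTls(options) {
  const findings = [];
  const dialectOptions = (options && options.dialectOptions) || {};
  const ssl = dialectOptions.ssl;

  if (ssl === undefined || ssl === null || ssl === false) {
    // No TLS requested: credentials and query data cross the network in cleartext.
    findings.push('tls-not-enabled');
    return findings;
  }
  if (typeof ssl === 'object' && ssl.rejectUnauthorized === false) {
    // Traffic is encrypted, but the server certificate is not verified, so an
    // on-path attacker can still impersonate the database and alter traffic.
    findings.push('certificate-verification-disabled');
  }
  return findings;
}

// Constructed sample configurations (host, database and user are placeholders).
const cleartextConfig = {
  dialect: 'postgres',
  host: 'db.example.internal',
  database: 'app',
  username: 'app_user',
};

// Weak: TLS is on, but certificate verification is switched off.
const unverifiedConfig = {
  ...cleartextConfig,
  dialectOptions: { ssl: { rejectUnauthorized: false } },
};

// Corrected: TLS is on and the server certificate must validate.
// Add `ca: <PEM of your CA>` to the ssl object when the database uses a private CA.
const hardenedConfig = {
  ...cleartextConfig,
  dialectOptions: { ssl: { rejectUnauthorized: true } },
};

for (const [name, cfg] of Object.entries({ cleartextConfig, unverifiedConfig, hardenedConfig })) {
  console.log(name, auditSequelizeTls(cfg));
}
```

A check like this can run in CI against the exported database configuration so that a cleartext connection fails the build before deployment.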