Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
FTP connections made using the ‘ftp’ module in Node.js without setting ‘secure: true’ send data, including credentials, over the network without encryption. This exposes sensitive information to anyone who can monitor network traffic.
Impact#
An attacker could intercept and read unencrypted FTP traffic, potentially stealing usernames, passwords, or other sensitive data transmitted between your application and the FTP server. This could lead to data breaches, compromised accounts, or further attacks on your systems.