Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code sends HTTP requests over plain ‘http://’ URLs instead of secure ‘https://’, meaning data is transmitted without encryption. This exposes any information sent or received to being intercepted by attackers.
Impact#
Attackers on the same network can eavesdrop on or modify sensitive data in transit, such as authentication tokens, personal information, or API responses. This can lead to data breaches, account compromise, and loss of user trust.