Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A02:2021 - Cryptographic Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The code is using HTTP servers instead of HTTPS, which means data sent between clients and the server is not encrypted. This exposes sensitive information to anyone who can intercept the network traffic.
Impact#
An attacker could eavesdrop on or tamper with data transmitted between users and your application, potentially stealing credentials, session tokens, or personal data. This can lead to user account compromise, data breaches, and loss of trust in your service.