Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The code uses FTP functions to transfer files, which sends data—including usernames, passwords, and file contents—over the network without encryption. This exposes sensitive information to anyone who can intercept the network traffic.
Impact#
If exploited, attackers could capture confidential data or credentials during transfer, leading to unauthorized access, data breaches, or manipulation of files. This can compromise user privacy and the security of your application or infrastructure.