Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The code uses urllib to open an FTP URL, which transmits data in plain text without encryption. This means any sensitive information sent or received can be intercepted by attackers.
Impact#
If exploited, attackers can eavesdrop on the network traffic to steal credentials, confidential data, or manipulate files being transferred. This can lead to data breaches or unauthorized access, especially if the FTP connection is used for sensitive operations.