Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The code creates a urllib.request.Request using an ‘http://’ URL, which means data is sent over an unencrypted connection. This exposes any transmitted information to interception or tampering.
Impact#
Using unencrypted HTTP can allow attackers to intercept sensitive data (like credentials or personal info), modify requests, or perform man-in-the-middle attacks. This can compromise user privacy and the integrity of application data.