Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The code uses urllib’s urlretrieve() to download files over FTP (ftp://), which transmits data without encryption. This exposes any downloaded content or credentials to interception by attackers.
Impact#
If exploited, sensitive data or authentication information may be stolen by anyone monitoring the network. This can lead to data breaches, credential compromise, or tampering with downloaded files, putting users and systems at risk.