Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The code is using OpenerDirector.open() to access URLs over ‘http://’ instead of ‘https://’. This means data sent and received is not encrypted and can be intercepted by attackers.
Impact#
Transmitting information over an unencrypted channel exposes sensitive data (like credentials or personal info) to interception or tampering by attackers. This can lead to data breaches, account compromise, and undermines user trust in the application.