Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code calls ‘URLopener.retrieve()’ with an ‘ftp://’ URL. FTP transfers data without encryption, so any data sent or received can be intercepted by attackers on the network.
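The pattern described above can be checked for with Python's `ast` module. The following is an added example, not this rule's own implementation: the function names and the constructed sample source (including the `files.example.com` host) are assumptions, and it only covers literal URL strings and openers bound by direct assignment.

```python
import ast

# Constructed sample source: two cleartext FTP retrievals and one HTTPS retrieval.
SAMPLE = '''
from urllib.request import URLopener
opener = URLopener()
opener.retrieve("ftp://files.example.com/report.csv", "report.csv")
opener.retrieve("https://files.example.com/report.csv", "report.csv")
URLopener().retrieve("FTP://files.example.com/keys.txt")
'''

def _is_urlopener_call(node):
    """True for URLopener(...) or <module>.URLopener(...)."""
    if not isinstance(node, ast.Call):
        return False
    func = node.func
    name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
    return name == "URLopener"

def find_ftp_retrieve(source):
    """Return line numbers of URLopener.retrieve() calls given a literal ftp:// URL."""
    tree = ast.parse(source)
    # Names bound directly to a URLopener() instance, e.g. opener = URLopener()
    openers = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _is_urlopener_call(node.value):
            openers.update(t.id for t in node.targets if isinstance(t, ast.Name))
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr != "retrieve" or not node.args:
            continue
        recv = node.func.value
        on_opener = (isinstance(recv, ast.Name) and recv.id in openers) or _is_urlopener_call(recv)
        url = node.args[0]
        # URL schemes are case-insensitive, so compare in lower case.
        is_ftp = (isinstance(url, ast.Constant) and isinstance(url.value, str)
                  and url.value.lower().startswith("ftp://"))
        if on_opener and is_ftp:
            findings.append(node.lineno)
    return sorted(findings)

if __name__ == "__main__":
    print(find_ftp_retrieve(SAMPLE))
```

The HTTPS call on line 5 of the sample is not reported, and a `retrieve()` call on an object that is not a `URLopener` is ignored.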
Impact
Sensitive information such as credentials or files could be exposed to eavesdroppers during transfer. This puts user data and the application’s security at risk, as attackers could steal or tamper with the transmitted information.