Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The code is using OpenerDirector.open() to connect via an ‘ftp://’ URL, which transmits data unencrypted over the network. This exposes any information sent or received to interception by attackers.
Impact#
Sensitive data such as credentials or files can be captured by anyone monitoring the network during FTP transfers. This can lead to data theft, unauthorized access, or compromise of confidential information, putting users and the organization at risk.