Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The code is making HTTP requests using ‘http://’ instead of ‘https://’. This means data sent and received is not encrypted, exposing it to anyone monitoring the network.
Impact#
If an attacker intercepts this unencrypted traffic, they could steal sensitive information like login credentials or personal data, or tamper with the communication. This puts users and the application’s security at significant risk.