Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code is making HTTP requests using ‘http://’ instead of ‘https://’, which means data sent and received is not encrypted. This exposes sensitive information, such as credentials or personal data, to interception over the network.
Impact
If exploited, attackers could intercept or modify unencrypted data in transit, leading to information theft, session hijacking, or manipulation of application behavior. This can compromise user privacy and the security of your application and its users.
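One way to enforce the fix at the call site, shown as an added example that is not part of the original rule page: a scheme check applied before any request is sent, and a redirect handler that refuses a downgrade from `https://` to `http://`, which goes slightly beyond the literal-URL case the rule describes. The names `require_https`, `NoDowngradeRedirectHandler` and `fetch`, the loopback exemption, and the `example.com` hosts are assumptions made for illustration.

```python
import urllib.request
from typing import Optional
from urllib.error import URLError
from urllib.parse import urlsplit

# Assumption: loopback traffic never leaves the host, so it is exempt.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def require_https(url: str) -> str:
    """Return url unchanged if it may carry sensitive data, else raise ValueError."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme == "https":
        return url
    # Exact host match only: "localhost.evil.example" is not loopback.
    if scheme == "http" and host in LOOPBACK_HOSTS:
        return url
    raise ValueError(f"refusing cleartext or unsupported URL: {url!r}")


class NoDowngradeRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Reject redirects that would move a request onto cleartext HTTP."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        try:
            require_https(newurl)
        except ValueError as exc:
            raise URLError(str(exc)) from exc
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def fetch(url: str, data: Optional[bytes] = None, timeout: float = 10.0) -> bytes:
    """Send a request only if the URL, and every redirect hop, uses TLS."""
    opener = urllib.request.build_opener(NoDowngradeRedirectHandler())
    request = urllib.request.Request(require_https(url), data=data)
    with opener.open(request, timeout=timeout) as response:
        return response.read()
```

Routing all outbound calls through one helper like `fetch` also gives the scanner a single place to verify, instead of every URL literal in the code base.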