Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
ftplib.FTP transmits all data, including login credentials, in plain text over the network. This exposes sensitive information to anyone who can intercept the traffic. To secure data in transit, use ftplib.FTP_TLS instead.
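The following added example (not this rule's own implementation) shows one way to detect the pattern described above with Python's ast module, including import aliases, over a constructed sample that also contains the FTP_TLS replacement. The function name find_cleartext_ftp and the sample source are hypothetical.

```python
import ast

# Constructed sample: two cleartext clients and one TLS client.
SAMPLE = '''
import ftplib
from ftplib import FTP as PlainFTP, FTP_TLS

def upload_plain(host, user, password):
    ftp = ftplib.FTP(host)          # cleartext control and data channels
    ftp.login(user, password)

def upload_alias(host):
    return PlainFTP(host)           # same class under an alias

def upload_tls(host, user, password):
    ftps = FTP_TLS(host)
    ftps.login(user, password)      # control channel secured with TLS at login
    ftps.prot_p()                   # also encrypt the data channel
    return ftps
'''

def find_cleartext_ftp(source):
    """Return (line, expression) for each call that constructs ftplib.FTP."""
    tree = ast.parse(source)
    modules, classes = set(), set()   # local names bound to ftplib / ftplib.FTP
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name == "ftplib":
                    modules.add(a.asname or a.name)
        elif isinstance(node, ast.ImportFrom) and node.module == "ftplib":
            for a in node.names:
                if a.name == "FTP":
                    classes.add(a.asname or a.name)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        direct = isinstance(f, ast.Name) and f.id in classes
        dotted = (isinstance(f, ast.Attribute) and f.attr == "FTP"
                  and isinstance(f.value, ast.Name) and f.value.id in modules)
        if direct or dotted:
            findings.append((node.lineno, ast.unparse(f)))
    return sorted(findings)

if __name__ == "__main__":
    for line, expr in find_cleartext_ftp(SAMPLE):
        print(f"line {line}: {expr}() sends credentials and data in cleartext")
```

With FTP_TLS, the data connection is only encrypted after prot_p() is called, which is why the sample's TLS variant calls it right after login.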
Impact
If exploited, attackers could intercept and read usernames, passwords, and any files transferred between the client and server. This can lead to unauthorized access, data theft, or further compromise of user accounts and internal systems.