Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code sends HTTP requests to URLs using unencrypted (http) connections with libraries like HTTParty or RestClient. This exposes any transmitted data—including sensitive information—to interception by attackers on the network.
Impact#
If exploited, attackers can eavesdrop on or manipulate the data sent between your application and external services, potentially stealing user credentials, session tokens, or other confidential data. This puts both your users and the application at risk of data breaches, account compromise, or man-in-the-middle attacks.