Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
Using the ’net/ftp’ package to connect to FTP servers sends all data, including credentials and files, over the network without encryption. This exposes sensitive information to anyone who can monitor network traffic.
Impact#
An attacker could intercept users’ credentials or confidential data transmitted via FTP, leading to unauthorized access, data breaches, or compliance violations. This puts both user privacy and organizational security at risk.