Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code is making HTTP or FTP requests using OpenURI without encryption, which means data sent or received can be intercepted by attackers. Using unencrypted protocols exposes sensitive information during transmission.
Impact#
An attacker on the network could eavesdrop on or tamper with the data being transferred, potentially stealing credentials, personal information, or modifying content. This can lead to data breaches, user impersonation, or compromised application integrity.