Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code sends HTTP requests to URLs that use `http://` instead of `https://`, so the data is transmitted without encryption. Any information sent or received is exposed to interception by attackers.
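The pattern described above can be checked statically. The following is an added example, not this rule's own implementation: Python is assumed because the page does not name a language, and the sample calls and `example.test` URLs are constructed.

```python
import ast

# Constructed sample source to scan; hosts and variable names are placeholders.
SAMPLE = '''
import requests
import urllib.request

requests.post("http://api.example.test/login", data={"user": u, "password": p})
requests.get("https://api.example.test/profile")
urllib.request.urlopen(url="http://example.test/export?token=" + token)
session.get(f"http://{host}/session")
'''


def _literal_prefix(node):
    """Return the leading constant text of a URL expression, or None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _literal_prefix(node.left)       # "http://..." + variable
    if isinstance(node, ast.JoinedStr) and node.values:
        return _literal_prefix(node.values[0])  # f"http://{host}/..."
    return None


def find_cleartext_calls(source):
    """Return sorted (line, call_name) for calls given a URL starting with http://."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        # Heuristic: inspect positional args and a url= keyword. The scan does
        # not know which callables actually perform network I/O.
        candidates = list(node.args) + [k.value for k in node.keywords if k.arg == "url"]
        for arg in candidates:
            prefix = _literal_prefix(arg)
            if prefix and prefix.lower().startswith("http://"):
                findings.append((node.lineno, ast.unparse(node.func)))
                break
    return sorted(findings)


if __name__ == "__main__":
    for line, name in find_cleartext_calls(SAMPLE):
        print(f"line {line}: {name}() sends to a cleartext http:// URL")
```

URLs assembled entirely at run time (from configuration or user input) are invisible to this scan and need a runtime scheme check before the request is sent.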
Impact
Sensitive data such as login credentials, personal information, or session tokens can be intercepted and read by attackers on the network. This can lead to account compromise, data theft, and severe privacy violations for users or the organization.