SYM_CONF_0001 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
TLS certificate verification is disabled for this service, meaning it will trust any server certificate, even if it's invalid or fake. This makes HTTPS connections vulnerable to interception and tampering.
Impact
Attackers could perform man-in-the-middle attacks to intercept or alter sensitive data sent between your service and the server. This compromises data confidentiality and integrity, potentially exposing credentials or allowing unauthorized access.