SYM_CONF_0060 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Redis cache is configured to allow non-SSL (unencrypted) connections, which means data sent between clients and the cache can be intercepted and read in plain text. This exposes sensitive information to potential attackers.
Impact
If exploited, attackers on the network could eavesdrop on credentials, session data, or other sensitive information transmitted to and from the Redis cache. This can lead to data breaches, unauthorized access, and compromise of confidential data.
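One way to check for this condition, as an added example that is not part of this wiki or the rule's own implementation. The page does not name the platform, so the sketch assumes a self-managed Redis 6+ server configured through `redis.conf` (directives `port`, `tls-port`, `tls-cert-file`, `tls-key-file`); the function names, sample configs and paths are constructed for illustration.

```python
# Added example: audit a redis.conf for a plaintext listener.
# Assumes a self-managed Redis 6+ server; all paths and values are constructed.

WEAK = """\
port 6379
requirepass example-only
"""

HARDENED = """\
port 0
tls-port 6379
tls-cert-file /etc/redis/tls/redis.crt
tls-key-file /etc/redis/tls/redis.key
tls-ca-cert-file /etc/redis/tls/ca.crt
"""

def parse_redis_conf(text):
    """Map each directive to its arguments; the last occurrence wins."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1:]
    return conf

def listener_port(conf, directive, default):
    """Port for a listener directive, or the server default when it is absent."""
    args = conf.get(directive)
    return int(args[0]) if args else default

def audit_transport(text):
    """Return findings for listeners that accept or force unencrypted traffic."""
    conf = parse_redis_conf(text)
    plain = listener_port(conf, "port", 6379)  # plaintext listener is on by default
    tls = listener_port(conf, "tls-port", 0)   # TLS listener is off by default
    findings = []
    if plain != 0:
        findings.append(f"plaintext listener on port {plain}: set 'port 0'")
    if tls == 0:
        findings.append("no TLS listener: set 'tls-port'")
    elif not (conf.get("tls-cert-file") and conf.get("tls-key-file")):
        findings.append("tls-port set without tls-cert-file/tls-key-file")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_transport(text) or "ok")
```

A config that enables TLS but leaves `port` non-zero is still flagged, since clients can keep connecting without encryption.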