SYM_GEN_0036 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code establishes WebSocket connections using the insecure 'ws://' scheme instead of 'wss://'. Data sent over the connection is therefore not encrypted and can be intercepted by attackers.
Impact
If exploited, sensitive information transmitted via these WebSockets can be read or tampered with by attackers on the network. This could lead to data breaches, session hijacking, or unauthorized access to user data, putting both users and the organization at risk.
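A check of the kind described above, as an added example that is not the actual SYM_GEN_0036 rule or code from the Symbiotic project. The pattern, the function names, the loopback exemption and the sample lines are all assumptions of this example.

```python
import re

# Assumed pattern, not the real SYM_GEN_0036 regex: match "ws://" only when it
# is a scheme on its own (so "wss://" and "news://" do not match) and capture
# the host, including bracketed IPv6 literals.
WS_CLEARTEXT = re.compile(
    r"(?<![A-Za-z0-9+.\-])ws://(\[[0-9A-Fa-f:.]+\]|[^\s/:'\"`?#]+)",
    re.IGNORECASE,
)

# Assumption: loopback targets are treated as development noise during triage.
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}


def find_cleartext_websockets(source, allow_loopback=True):
    """Return (line_number, host, stripped_line) for each ws:// URL found."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in WS_CLEARTEXT.finditer(line):
            host = match.group(1).lower()
            if allow_loopback and host in LOOPBACK:
                continue
            findings.append((lineno, host, line.strip()))
    return findings


def upgrade_to_wss(line):
    """Rewrite ws:// to wss:// in one line; the endpoint must serve TLS."""
    return WS_CLEARTEXT.sub(lambda m: "wss://" + m.group(1), line)


# Constructed sample input covering a hit, the secure form, a loopback URL,
# an upper-case scheme and a look-alike scheme.
SAMPLE = '''\
const a = new WebSocket("ws://chat.example.com/socket");
const b = new WebSocket("wss://chat.example.com/socket");
const c = new WebSocket("ws://localhost:8080/dev");
url = "WS://api.example.com:9000/stream"
const feed = "news://example.com";
'''

if __name__ == "__main__":
    for lineno, host, line in find_cleartext_websockets(SAMPLE):
        print(f"line {lineno}: cleartext WebSocket to {host}: {line}")
        print(f"          suggested: {upgrade_to_wss(line)}")
```
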