SYM_GEN_0056 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | generic |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
This nginx configuration sets up redirects without explicitly specifying the 'https' scheme. As a result, users may be redirected over unencrypted HTTP, exposing sensitive data in transit.
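An added example, not taken from the rule or this wiki: a constructed nginx configuration with redirects of the kind described above, next to a version in which every redirect target names the https scheme. The host name example.com, the paths and the certificate locations are placeholders.

```nginx
# Constructed example. example.com, the paths and the certificate files are
# placeholders. BEFORE and AFTER are two versions of the same file.

# ---- BEFORE: redirect targets do not name the https scheme ----
server {
    listen 80;
    server_name example.com;

    # Relative target: nginx builds the Location header from the scheme of
    # the incoming request, so a plain-HTTP request is answered with http://.
    location = /login {
        return 301 /account/login;
    }

    # rewrite with the permanent/redirect flag behaves the same way.
    rewrite ^/old/(.*)$ /new/$1 permanent;

    # $scheme repeats what the client used; on this listener that is "http".
    location /app/ {
        return 302 $scheme://example.com/portal$request_uri;
    }
}

# ---- AFTER: every redirect target starts with https:// ----
server {
    listen 80;
    server_name example.com;
    # Plain-HTTP requests are sent straight to the HTTPS origin.
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/nginx/tls/example.com.crt;
    ssl_certificate_key /etc/nginx/tls/example.com.key;

    location = /login {
        return 301 https://example.com/account/login;
    }

    rewrite ^/old/(.*)$ https://example.com/new/$1 permanent;

    location /app/ {
        return 302 https://example.com/portal$request_uri;
    }
}
```

The corrected version writes the host name literally instead of using `$host`, so the redirect target does not depend on the client-supplied Host header.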
Impact
If exploited, attackers could intercept or modify traffic during redirects, leading to the exposure of passwords, personal information, or session cookies. This weakens user privacy and can put the organization at risk of data breaches or compliance violations.