SYM_GO_0064 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Channel Accessible by Non-Endpoint
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-300: Channel Accessible by Non-Endpoint |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | High |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The gRPC client is configured to connect to the server without encryption by using `grpc.WithInsecure()`. As a result, all data sent between client and server is transmitted in plain text and can be intercepted.
Impact
Without encryption, attackers on the network can read or modify sensitive gRPC messages, potentially exposing confidential data or injecting malicious commands. This undermines the security of both client and server, making it easier for attackers to compromise the application or gain unauthorized access.
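The check described above can be sketched as a small AST scan. This is an added example, not the rule's own implementation or code from this wiki, and it goes one step beyond the page by also flagging `insecure.NewCredentials()`, the current equivalent of the deprecated `grpc.WithInsecure()`. `FindInsecureDials`, `risky` and the embedded `sample` client are hypothetical names and constructed input; the match is by package name, so an aliased import would not be caught.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// sample is constructed input (imports omitted): two plaintext dials, one TLS dial.
const sample = `package client

func dialPlain(addr string) (*grpc.ClientConn, error) {
	return grpc.Dial(addr, grpc.WithInsecure())
}

func dialPlainNew(addr string) (*grpc.ClientConn, error) {
	return grpc.Dial(addr, grpc.WithTransportCredentials(insecure.NewCredentials()))
}

func dialTLS(addr string) (*grpc.ClientConn, error) {
	creds := credentials.NewTLS(&tls.Config{MinVersion: tls.VersionTLS12})
	return grpc.Dial(addr, grpc.WithTransportCredentials(creds))
}
`

// risky lists the calls that leave the channel without transport security.
var risky = map[string]bool{"grpc.WithInsecure": true, "insecure.NewCredentials": true}

// FindInsecureDials returns the source line of every risky call in src.
func FindInsecureDials(src string) ([]int, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "client.go", src, 0)
	if err != nil {
		return nil, err
	}
	var lines []int
	ast.Inspect(file, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok && risky[types.ExprString(call.Fun)] {
			lines = append(lines, fset.Position(call.Pos()).Line)
		}
		return true
	})
	return lines, nil
}

func main() {
	fmt.Println(FindInsecureDials(sample)) // prints [4 8] <nil>
}
```

The `dialTLS` function in the sample is the form that passes: credentials built with `credentials.NewTLS` and handed to `grpc.WithTransportCredentials`.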