SYM_GO_0065 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Channel Accessible by Non-Endpoint
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-300: Channel Accessible by Non-Endpoint |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | High |
Impact Level | Low |
Likelihood Level | Low |
Description
The gRPC server is being started without SSL/TLS credentials, which means connections to it are not encrypted. This allows clients to connect over an insecure channel, making sensitive data visible in transit.
Impact
Without encryption, attackers could intercept, read, or modify gRPC messages between clients and the server. This could expose confidential information, allow message tampering, or open the server to various network-based attacks, potentially compromising application integrity and user data.
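The pattern from the description, as an added example that is not part of the wiki page or Symbiotic's own rule: a small Go checker that parses source and reports `grpc.NewServer` calls that carry no inline `grpc.Creds(...)` option, run over a flagged sample and a hardened sample. Assumptions: both sample sources are constructed, `FindInsecureServers` is a hypothetical name, the package is imported under its default name `grpc`, and options built elsewhere (for example a slice passed as `opts...`) are reported and need manual review.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// Constructed samples (not from the page): the flagged pattern, then a hardened form.
const insecureSrc = `package srv
import "google.golang.org/grpc"
func start() *grpc.Server { return grpc.NewServer() }`
const secureSrc = `package srv
import ("google.golang.org/grpc"; "google.golang.org/grpc/credentials")
func start(cert, key string) (*grpc.Server, error) {
	creds, err := credentials.NewServerTLSFromFile(cert, key)
	if err != nil { return nil, err }
	return grpc.NewServer(grpc.Creds(creds)), nil
}`

// FindInsecureServers returns the line of every grpc.NewServer call that has no
// inline grpc.Creds(...) option. Assumes the default "grpc" import name.
func FindInsecureServers(src string) (lines []int, err error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	ast.Inspect(f, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok || types.ExprString(call.Fun) != "grpc.NewServer" {
			return true
		}
		for _, arg := range call.Args {
			if c, ok := arg.(*ast.CallExpr); ok && types.ExprString(c.Fun) == "grpc.Creds" {
				return true // transport credentials supplied inline
			}
		}
		lines = append(lines, fset.Position(call.Pos()).Line)
		return true
	})
	return lines, nil
}

func main() {
	fmt.Println(FindInsecureServers(insecureSrc))
	fmt.Println(FindInsecureServers(secureSrc))
}
```

The hardened sample loads a certificate and key with `credentials.NewServerTLSFromFile` and passes the result through `grpc.Creds`, which is the change that clears the finding.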