SYM_GO_0072 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The application is making HTTP requests using the gorequest library without encryption. This exposes any data sent or received—including sensitive information like personal details or credentials—to interception by attackers on the network.
Impact
If exploited, attackers could eavesdrop on or manipulate data transmitted between your application and external servers. This could lead to sensitive user information being stolen, account compromise, or regulatory violations due to unprotected data in transit.