SYM_GO_0073 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code connects to a Telnet server using the 'telnet' package, which transmits data—including potentially sensitive information—unencrypted over the network. This exposes all communication to interception by attackers.
Impact
If exploited, attackers could intercept and read credentials or other confidential data sent over Telnet, leading to account compromise, data leaks, or unauthorized system access. This can seriously undermine the application's security and put user or organizational data at risk.