SYM_GO_0076 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code is making HTTP requests using the 'sling' library over unencrypted (http://) connections instead of secure (https://) ones. This exposes any data sent—including sensitive information like personal details or credentials—to interception by attackers.
Impact
An attacker could intercept and read or modify data transmitted between your application and external services, leading to sensitive information leakage, compromised user privacy, or unauthorized actions. This can result in data breaches, regulatory violations, and loss of user trust.