SYM_HTML_0001 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code includes links that use the unsecured HTTP protocol instead of HTTPS. This means any data sent or received through these links can be intercepted or tampered with by attackers.
Impact
If users follow HTTP links, sensitive information like login credentials or personal details could be exposed to eavesdroppers on the network. Attackers might intercept or alter the content, leading to data theft, account compromise, or malicious redirection.