SYM_JAVA_0032 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code creates a network socket without encryption, which means data sent over the connection is transmitted in plain text. This makes it easy for attackers to intercept and read sensitive information.
Impact
If exploited, attackers on the same network could capture and view confidential data such as passwords or personal information sent through the socket. This can lead to data breaches, loss of user trust, and possible regulatory violations.