SYM_JAVA_0037 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The application is making HTTP requests using Java Spring's RestTemplate to URLs that start with 'http://', which sends data over an unencrypted connection. This exposes sensitive information to anyone who can intercept the network traffic.
Impact
If exploited, attackers could eavesdrop on requests and responses, capturing sensitive data such as authentication tokens, personal information, or API keys. This can lead to data breaches, session hijacking, or unauthorized access to user accounts and backend services.