SYM_JAVA_0038 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | java |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | High |
Description
The code disables or overrides TLS/SSL certificate verification, which stops the application from properly checking if it's connecting to a trusted server. This makes it easy for attackers to intercept or tamper with sensitive data during transmission.
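The pattern described above next to a corrected form, as an added example that is not taken from the rule's own test cases or from any scanned project. The class name, method names and the PKCS12 trust-store path are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class TlsVerificationExample {
    // FLAGGED: empty check methods accept any certificate chain,
    // so the server's identity is never verified.
    static SSLContext trustAllContext() throws Exception {
        TrustManager[] trustAll = { new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        } };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustAll, null);
        return ctx;
    }

    // FLAGGED: a verifier that returns true for every host disables hostname matching.
    static final HostnameVerifier ACCEPT_ANY_HOST = (hostname, session) -> true;

    // CORRECTED: use the JDK default trust store, or, for an internal CA,
    // a trust store that contains only that CA (path is hypothetical).
    static SSLContext verifiedContext(String trustStorePath, char[] password) throws Exception {
        if (trustStorePath == null) return SSLContext.getDefault();
        KeyStore trusted = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trusted.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Prepares a connection without contacting the server; the default
    // HostnameVerifier is deliberately left in place.
    static HttpsURLConnection open(URL url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        return conn;
    }
}
```

When a server uses a self-signed or private-CA certificate, adding that certificate to a dedicated trust store as in `verifiedContext` keeps chain and hostname verification active, which the trust-all workaround does not.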
Impact
If exploited, attackers could perform man-in-the-middle attacks, intercepting or altering confidential information such as passwords, personal details, or session tokens. This may lead to data breaches, loss of user trust, and potential regulatory violations.