SYM_JAVA_0039 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | java |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The code establishes FTP connections using Spring's ftpSessionFactory, which sends data—including potentially sensitive information—over the network in plain text. FTP does not provide encryption, so any data transferred can be intercepted by attackers.
Impact
If exploited, attackers could eavesdrop on network traffic and capture sensitive data like credentials or personal information sent via FTP. This could lead to data breaches, credential theft, and regulatory compliance violations, putting users and the organization at risk.
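The pattern described above next to a hardened replacement, as an added example that is not part of the rule or of any scanned project. It assumes Spring Integration's FTP module; the class name, the method name `cleartextFtpSessionFactory` and the `FTP_*` environment variables are hypothetical.

```java
import org.apache.commons.net.ftp.FTPFile;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.integration.file.remote.session.SessionFactory;
import org.springframework.integration.ftp.session.DefaultFtpSessionFactory;
import org.springframework.integration.ftp.session.DefaultFtpsSessionFactory;

@Configuration
public class FileTransferConfig {   // hypothetical class name

    // "Before": plain FTP. The login exchange and every transferred file
    // cross the network unencrypted, which is what CWE-319 describes.
    static SessionFactory<FTPFile> cleartextFtpSessionFactory() {
        DefaultFtpSessionFactory factory = new DefaultFtpSessionFactory();
        factory.setHost(System.getenv("FTP_HOST"));         // assumed variable names
        factory.setPort(21);
        factory.setUsername(System.getenv("FTP_USER"));
        factory.setPassword(System.getenv("FTP_PASSWORD"));
        return factory;
    }

    // "After": FTPS (FTP over TLS) through the drop-in FTPS session factory.
    // Callers still receive a SessionFactory<FTPFile>, so adapters and
    // gateways wired to this bean do not need to change.
    @Bean
    public SessionFactory<FTPFile> ftpSessionFactory() {
        DefaultFtpsSessionFactory factory = new DefaultFtpsSessionFactory();
        factory.setHost(System.getenv("FTP_HOST"));
        factory.setPort(21);
        factory.setUsername(System.getenv("FTP_USER"));
        factory.setPassword(System.getenv("FTP_PASSWORD"));
        factory.setProtocol("TLS");
        // Explicit mode: TLS is negotiated on the normal control port
        // before the credentials are sent.
        factory.setImplicit(false);
        // PROT P asks the server to encrypt the data channel as well as
        // the control channel, so file contents are protected too.
        factory.setProt("P");
        return factory;
    }
}
```

Server certificate checking depends on the trust manager in use; supply one backed by your own trust store through `setTrustManager(...)` so the client only accepts the intended server.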