SYM_JAVA_0040 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | java |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The code creates outgoing connections to FTP servers, which transmit all data—including potentially sensitive information—unencrypted over the network. This exposes user data to anyone who can intercept network traffic.
Impact
Attackers observing network traffic could capture credentials, personal information, or other confidential data sent via FTP. This can result in data breaches, regulatory violations, and compromise of user privacy or system integrity.
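The flagged pattern beside a hardened form, as an added example that is not part of the rule database: it assumes the Apache Commons Net client library, and the host name, file name and class name are constructed placeholders.

```java
import java.io.IOException;
import java.io.InputStream;
import org.apache.commons.net.ftp.FTP;
import org.apache.commons.net.ftp.FTPClient;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;

public class ReportUploader {
    // Constructed placeholder host, not taken from the rule page.
    private static final String HOST = "files.example.internal";

    // Flagged pattern: plain FTP sends USER/PASS and the file body in cleartext.
    static void uploadCleartext(String user, String pass, InputStream data) throws IOException {
        FTPClient ftp = new FTPClient();
        try {
            ftp.connect(HOST, 21);
            ftp.login(user, pass);
            ftp.storeFile("report.csv", data);
        } finally {
            if (ftp.isConnected()) ftp.disconnect();
        }
    }

    // Hardened form: explicit FTPS (AUTH TLS) with certificate and host name validation.
    static void uploadOverTls(String user, String pass, InputStream data) throws IOException {
        FTPSClient ftps = new FTPSClient("TLS", false); // false = explicit mode on port 21
        ftps.setTrustManager(null);            // null = use the JVM's default trust manager (chain validation)
        ftps.setEndpointCheckingEnabled(true); // certificate must match HOST
        try {
            ftps.connect(HOST, 21);            // TLS is negotiated before any credentials are sent
            if (!FTPReply.isPositiveCompletion(ftps.getReplyCode())) {
                throw new IOException("FTPS connect refused: " + ftps.getReplyString());
            }
            if (!ftps.login(user, pass)) {
                throw new IOException("FTPS login failed");
            }
            ftps.execPBSZ(0);   // must precede PROT
            ftps.execPROT("P"); // "P" (private) encrypts the data channel as well as the control channel
            ftps.enterLocalPassiveMode();
            ftps.setFileType(FTP.BINARY_FILE_TYPE);
            if (!ftps.storeFile("report.csv", data)) {
                throw new IOException("Upload failed: " + ftps.getReplyString());
            }
            ftps.logout();
        } finally {
            if (ftps.isConnected()) ftps.disconnect();
        }
    }
}
```

Omitting `execPROT("P")` leaves file contents in cleartext even though the login is protected, so a review of the fix should check for it as well as for the switch away from `FTPClient`.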