SYM_JAVA_0041 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code establishes a connection using the Telnet protocol, which does not encrypt data sent over the network. This means any information, including passwords or sensitive commands, is transmitted in cleartext and can be intercepted.
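The pattern described above next to an encrypted replacement, as an added example that is not taken from this wiki or from the rule's own test cases. It assumes Apache Commons Net (`TelnetClient`) for the flagged call and JSch for SSH; the class name, the `uptime` command and the `knownHostsPath` parameter are constructed for illustration.

```java
import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import org.apache.commons.net.telnet.TelnetClient;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

public class RemoteCommand {
    // Flagged pattern: Telnet carries the login and the command as plaintext bytes.
    static void runOverTelnet(String host, String user, String password) throws IOException {
        TelnetClient telnet = new TelnetClient();
        telnet.connect(host, 23);
        try {
            OutputStream out = telnet.getOutputStream();
            out.write((user + "\r\n" + password + "\r\nuptime\r\n").getBytes(StandardCharsets.US_ASCII));
            out.flush();
        } finally {
            telnet.disconnect();
        }
    }

    // Replacement: SSH encrypts the session and authenticates the server by its host key.
    // knownHostsPath (assumed parameter) points at a known_hosts file that already lists the server.
    static String runOverSsh(String host, String user, String password, String knownHostsPath)
            throws JSchException, IOException {
        JSch jsch = new JSch();
        jsch.setKnownHosts(knownHostsPath);
        Session session = jsch.getSession(user, host, 22);
        session.setConfig("StrictHostKeyChecking", "yes"); // refuse unknown or changed host keys
        session.setPassword(password);
        session.connect(10_000); // connect timeout in milliseconds
        try {
            ChannelExec channel = (ChannelExec) session.openChannel("exec");
            channel.setCommand("uptime");
            InputStream in = channel.getInputStream();
            channel.connect();
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        } finally {
            session.disconnect(); // also closes the exec channel
        }
    }
}
```

Keeping `StrictHostKeyChecking` set to `yes` matters here: with host key verification disabled, the SSH session is encrypted but the client cannot tell the real server from an interceptor.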
Impact
Attackers could easily capture and read sensitive data transmitted over Telnet, leading to credential theft or exposure of confidential information. This can result in unauthorized access to systems, data breaches, and potential regulatory violations for the organization.