SYM_JAVA_0043 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code establishes socket connections to servers using insecure protocols like HTTP, FTP, or Telnet, which send data without encryption. This exposes any transmitted information, such as credentials or sensitive data, to interception.
Impact
Attackers on the same network can easily intercept and read sensitive information sent over these connections, leading to data breaches, compromised user accounts, or exposure of confidential application data. This can result in loss of user trust, regulatory violations, and damage to organizational reputation.