SYM_JAVA_0045 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code sends HTTP requests using Unirest to URLs that start with 'http://', which means data is transmitted without encryption. This exposes any sensitive information in the request to interception.
Impact
Attackers on the network can eavesdrop on unencrypted traffic, potentially capturing sensitive data like login credentials or personal information. This can lead to data breaches, account compromise, and violation of privacy or compliance requirements.