SYM_JAVA_0047 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
Disabling or bypassing TLS/SSL certificate verification in X509TrustManager allows insecure connections, making the app trust any server certificate. This exposes sensitive data to interception and should only be used temporarily for debugging, never in production.
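As an added illustration (not code from this database entry or the SymbioticSec project), the trust-all X509TrustManager pattern the description refers to, placed beside the fix of using the platform's default trust manager. Class and method names are assumptions; the offline check at the end relies on the JDK default trust manager rejecting an empty chain.

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

public class TrustManagerExample {
    // VULNERABLE: every check is a no-op, so any certificate (self-signed,
    // expired, or issued for a different host) is accepted and a MITM
    // presenting its own certificate is trusted. This is the CWE-319 pattern.
    static final X509TrustManager TRUST_ALL = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };

    static SSLContext insecureContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { TRUST_ALL }, null);
        return ctx;
    }

    // FIXED: delegate to the platform's default X509TrustManager, which validates
    // the chain against the system trust store. (ctx.init(null, null, null) is
    // equivalent; the explicit factory is shown so the delegate can be reused.)
    static X509TrustManager defaultTrustManager() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = platform default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    static SSLContext secureContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { defaultTrustManager() }, null);
        return ctx;
    }

    // Offline demonstration: the trust-all manager silently accepts an empty
    // chain, while the default manager rejects it with IllegalArgumentException.
    public static void main(String[] args) throws Exception {
        X509Certificate[] empty = new X509Certificate[0]; // constructed input
        TRUST_ALL.checkServerTrusted(empty, "RSA");        // accepted: no check at all
        try {
            defaultTrustManager().checkServerTrusted(empty, "RSA");
        } catch (IllegalArgumentException e) {
            System.out.println("default trust manager rejected chain: " + e.getMessage());
        }
    }
}
```

In review, an `X509TrustManager` whose `checkServerTrusted` body is empty (or a `HostnameVerifier` that always returns true) is the signature to look for; the fix is to remove the custom manager or delegate to `defaultTrustManager()` as above.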
Impact
If exploited, attackers could perform man-in-the-middle (MITM) attacks to intercept, read, or modify data transmitted between the app and its servers. This can lead to the exposure of user credentials, personal information, and other sensitive data, resulting in data breaches and loss of user trust.