SYM_JAVA_0049 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code sends HTTP requests using the HttpGet class over an unencrypted HTTP connection. This exposes any data sent or received—including sensitive information—to interception by attackers on the network.
Impact
If exploited, attackers could eavesdrop on or modify data transmitted between the application and the server, potentially stealing credentials, personal data, or injecting malicious content. This can lead to data breaches, compromised user accounts, and loss of trust in your application.