SYM_JAVA_0050 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code sends HTTP requests using HttpURLConnection over an unencrypted (HTTP) connection instead of HTTPS. This means any data sent—including sensitive information—can be intercepted by attackers during transmission.
Impact
If exploited, attackers could eavesdrop on or tamper with data exchanged between the application and the server, potentially exposing user credentials, personal data, or other confidential information. This can lead to data breaches, account compromise, and loss of user trust.