SYM_JAVA_0119 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code creates Java sockets (`ServerSocket` or `Socket`) without encryption, so data sent over them crosses the network in plain text. This exposes sensitive information to anyone who can intercept the network traffic.
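The flagged pattern beside a TLS replacement, as an added example that is not code from this rule or from the wiki. The class and method names are hypothetical, and it assumes Java 11 or later, the JVM default trust store for the client, and a server key store supplied through the standard `javax.net.ssl.keyStore` system properties.

```java
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class SocketTransport { // hypothetical class name
    private static final String[] PROTOCOLS = {"TLSv1.3", "TLSv1.2"};

    // Flagged pattern: plain sockets, every byte crosses the network unencrypted.
    static Socket plainClient(String host, int port) throws IOException {
        return new Socket(host, port);
    }
    static ServerSocket plainServer(int port) throws IOException {
        return new ServerSocket(port);
    }

    // TLS client built from the JVM default SSLContext and trust store.
    static SSLSocket tlsClient(String host, int port) throws IOException {
        var s = (SSLSocket) SSLSocketFactory.getDefault().createSocket(host, port);
        SSLParameters p = s.getSSLParameters();
        // SSLSocket checks the certificate chain but not the host name unless this is set.
        p.setEndpointIdentificationAlgorithm("HTTPS");
        p.setProtocols(PROTOCOLS);
        s.setSSLParameters(p);
        s.startHandshake(); // surface certificate errors before any data is written
        return s;
    }

    // TLS server; its certificate comes from the configured key store (assumption above).
    static SSLServerSocket tlsServer(int port) throws IOException {
        var ss = (SSLServerSocket) SSLServerSocketFactory.getDefault().createServerSocket(port);
        ss.setEnabledProtocols(PROTOCOLS);
        return ss;
    }

    public static void main(String[] args) throws IOException {
        try (SSLServerSocket ss = tlsServer(0)) { // port 0: any free port, runs offline
            System.out.println("TLS listener: " + String.join(", ", ss.getEnabledProtocols()));
        }
        if (args.length == 2) { // optional: host and port of a TLS service to check
            try (SSLSocket s = tlsClient(args[0], Integer.parseInt(args[1]))) {
                System.out.println("Negotiated " + s.getSession().getProtocol());
            }
        }
    }
}
```

Without a key store the listener still opens, but handshakes against it fail because the server has no certificate to present.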
Impact
If exploited, attackers could eavesdrop on or tamper with data exchanged between clients and servers, leading to exposure of credentials, personal information, or other confidential data. This can result in data breaches, identity theft, or unauthorized access to the application.