SYM_JSTS_0005 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The S3 bucket is created without enforcing SSL connections (`enforceSSL` is not set to `true`). S3 serves the same bucket over both plaintext HTTP and HTTPS, and the CDK default does nothing to reject the plaintext path, so a client that is misconfigured, downgraded or simply uses an `http://` endpoint URL can read and write the bucket without TLS. Setting `enforceSSL: true` attaches a bucket policy statement that denies every request whose `aws:SecureTransport` condition key is `false`; without that statement, any data transmitted to or from the bucket can be intercepted in transit.
Impact
Sensitive information stored in or retrieved from the S3 bucket could be intercepted by an attacker on the network path if it is accessed over an insecure connection. This may lead to data leaks and compliance violations, and it raises the risk of man-in-the-middle attacks that read or modify objects in transit, compromising your application's confidentiality and integrity. Server-side encryption at rest does not mitigate this finding: it protects stored objects, not the connection they travel over.
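The following is an added example for the description and impact above; it is not code from the Symbiotic database or from the AWS CDK project. It builds the bucket policy statement that `enforceSSL: true` produces and then checks an arbitrary bucket policy document for a complete plaintext-transport deny, so the same logic can be used to audit buckets that were not deployed with CDK. The CDK usage in the header comment is the documented prop; the bucket and role ARNs and the three sample policy documents are constructed for illustration, and the `Sid` is a choice made here rather than something CDK emits.

```typescript
// Added example, not from the Symbiotic database page or the CDK project.
// In AWS CDK the fix for this finding is a single bucket prop:
//     new s3.Bucket(this, "Data", { enforceSSL: true });
// That prop attaches a bucket policy statement equivalent to the one built
// below. The policy documents at the bottom are constructed samples; the
// bucket and role ARNs are hypothetical.

type PolicyStatement = {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal?: string | { AWS: string | string[] };
  Action: string | string[];
  Resource: string | string[];
  Condition?: Record<string, Record<string, string | string[]>>;
};

type PolicyDocument = { Version: string; Statement: PolicyStatement[] };

function asList(v: string | string[]): string[] {
  return Array.isArray(v) ? v : [v];
}

// The statement `enforceSSL: true` generates: deny every S3 action on the
// bucket and on every object in it when the request did not arrive over TLS.
// The Sid is chosen here; CDK does not set one.
function denyInsecureTransportStatement(bucketArn: string): PolicyStatement {
  return {
    Sid: "DenyInsecureTransport",
    Effect: "Deny",
    Principal: { AWS: "*" },
    Action: "s3:*",
    Resource: [bucketArn, `${bucketArn}/*`],
    Condition: { Bool: { "aws:SecureTransport": "false" } },
  };
}

// True if the Principal element matches every caller.
function appliesToEveryone(p: PolicyStatement["Principal"]): boolean {
  if (p === "*") return true;
  if (p && typeof p === "object") return asList(p.AWS).includes("*");
  return false;
}

// True if `doc` already contains a Deny that blocks plaintext requests for
// all S3 actions, all principals, and both the bucket and its objects.
// A Deny that covers only `bucket/*` leaves ListBucket and other
// bucket-level operations reachable over HTTP, so it is not counted.
function enforcesSsl(doc: PolicyDocument, bucketArn: string): boolean {
  return doc.Statement.some((s) => {
    if (s.Effect !== "Deny") return false;
    const flag: string | string[] | undefined =
      s.Condition?.Bool?.["aws:SecureTransport"];
    if (flag === undefined) return false;
    const deniesPlaintext = asList(flag).some((v) => v.toLowerCase() === "false");
    const allActions = asList(s.Action).some((a) => a === "*" || a === "s3:*");
    const res = asList(s.Resource);
    const coversBucket = res.some((r) => r === "*" || r === bucketArn);
    const coversObjects = res.some((r) => r === "*" || r === `${bucketArn}/*`);
    return (
      deniesPlaintext &&
      allActions &&
      appliesToEveryone(s.Principal) &&
      coversBucket &&
      coversObjects
    );
  });
}

// Constructed sample policies (hypothetical ARNs).
const BUCKET_ARN = "arn:aws:s3:::example-app-data";

// Vulnerable: an app role may read objects; nothing restricts the transport.
const POLICY_NO_SSL: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Principal: { AWS: "arn:aws:iam::123456789012:role/app" },
      Action: "s3:GetObject",
      Resource: `${BUCKET_ARN}/*`,
    },
  ],
};

// Incomplete fix: the Deny covers objects only, so listing still works over HTTP.
const POLICY_OBJECTS_ONLY: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    ...POLICY_NO_SSL.Statement,
    { ...denyInsecureTransportStatement(BUCKET_ARN), Resource: `${BUCKET_ARN}/*` },
  ],
};

// Fixed: the same policy plus the statement `enforceSSL: true` would add.
const POLICY_WITH_SSL: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [...POLICY_NO_SSL.Statement, denyInsecureTransportStatement(BUCKET_ARN)],
};
```

The check deliberately requires the Deny to name both the bucket ARN and `bucket/*` (or `*`), since a statement scoped only to objects still allows bucket-level calls such as `ListBucket` over plaintext; when auditing a real account, feed the output of `get-bucket-policy` into `enforcesSsl` with the bucket's ARN.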