SYM_JSTS_0008 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code is making network requests using HTTP instead of HTTPS, which means data sent and received is not encrypted. This exposes sensitive information to anyone who can intercept the network traffic.
Impact
Attackers on the same network could eavesdrop on or tamper with data being transmitted, potentially stealing credentials, personal data, or injecting malicious content. This can lead to data breaches, compromised user accounts, and loss of user trust.