SYM_JSTS_0177 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code sets up a Telnet server or client, which communicates without encrypting data. This means any sensitive information sent or received (like passwords) can be viewed by anyone monitoring the network.
Impact
Attackers can intercept and read all information exchanged over Telnet, including credentials and private data. This exposes users and systems to risks like credential theft, unauthorized access, and data breaches.