SYM_JSTS_0182 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A02:2021 - Cryptographic Failures |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code starts an HTTP server instead of an HTTPS server, so data sent between clients and the server is not encrypted. This exposes sensitive information to anyone who can intercept the network traffic.
Impact
An attacker could eavesdrop on or tamper with data transmitted between users and your application, potentially stealing credentials, session tokens, or personal data. This can lead to user account compromise, data breaches, and loss of trust in your service.
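The pattern this rule describes next to a corrected form, as an added example for Node.js that is not part of the original rule entry. The function names, the HSTS value and the `canonicalHost` parameter are assumptions chosen for illustration; the caller is assumed to supply the deployment's TLS key and certificate in `tlsOptions`.

```javascript
// Added example; all names here are hypothetical, not taken from the rule.
const http = require('node:http');
const https = require('node:https');

const HSTS = 'max-age=31536000; includeSubDomains';

// Flagged pattern: the application handler is served over cleartext HTTP,
// so credentials, cookies and response bodies cross the network unencrypted.
function createCleartextServer(app) {
  return http.createServer(app);
}

// Corrected pattern: the same handler behind TLS. tlsOptions carries the
// deployment's key and cert (assumed to be loaded by the caller).
function createTlsServer(app, tlsOptions) {
  const server = https.createServer({ minVersion: 'TLSv1.2', ...tlsOptions });
  server.on('request', (req, res) => {
    // HSTS tells browsers to refuse later cleartext connections to this host.
    res.setHeader('Strict-Transport-Security', HSTS);
    app(req, res);
  });
  return server;
}

// Optional port-80 listener: it never runs the application, it only redirects.
// The target host comes from configuration, not from the client's Host header,
// so the redirect always points at the intended site.
function createRedirectServer(canonicalHost) {
  return http.createServer((req, res) => {
    // Absolute-form or malformed request targets fall back to the site root.
    const path = req.url.startsWith('/') ? req.url : '/';
    res.writeHead(308, {
      Location: `https://${canonicalHost}${path}`,
      'Content-Length': '0',
    });
    res.end();
  });
}
```

The redirect listener only helps clients that follow it; the first request still travels in cleartext, which is why the HSTS header is set on the TLS side.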