SYM_PY_0051 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Using Python's telnetlib sends all data, including passwords, over the network without encryption. This makes sensitive information easily accessible to anyone who can intercept the traffic.
Impact
Attackers can eavesdrop on network communications and steal credentials or other sensitive data sent via Telnet, leading to unauthorized access and data breaches. Using unencrypted protocols like Telnet exposes your users and systems to significant security risks.