SYM_PY_0073 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code uses urllib to open URLs starting with 'http://', which means data is transmitted without encryption. This exposes any information sent or received to interception by attackers.
Impact
Sensitive data such as credentials, personal information, or session tokens could be captured or tampered with by anyone monitoring the network. This can lead to data breaches, account compromise, or other security incidents affecting users and the organization.