SYM_PY_0075 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The code uses urllib to open an FTP URL, which transmits data in plain text without encryption. This means any sensitive information sent or received can be intercepted by attackers.
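A static check for the pattern described above, as an added example (it is not this rule's own implementation). It assumes the URL is passed as a string literal or f-string in the first positional argument; the function names and the `SAMPLE` input are constructed for illustration.

```python
import ast

SINKS = {"urlopen", "urlretrieve", "Request"}  # urllib.request calls that take a URL

def _imports(tree):
    """Map local names bound by urllib imports to the name that was imported."""
    bound = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            bound.update({a.asname or "urllib": a.name for a in node.names
                          if a.name.split(".")[0] == "urllib"})
        elif isinstance(node, ast.ImportFrom) and (node.module or "").split(".")[0] == "urllib":
            bound.update({a.asname or a.name: a.name for a in node.names})
    return bound

def _dotted(func):  # urllib.request.urlopen -> ["urllib", "request", "urlopen"]
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    return [func.id] + parts[::-1] if isinstance(func, ast.Name) else []

def _literal_prefix(node):
    """Leading constant text of a string literal or f-string, else ''."""
    if isinstance(node, ast.JoinedStr) and node.values:
        node = node.values[0]
    return node.value if isinstance(node, ast.Constant) and isinstance(node.value, str) else ""

def find_cleartext_ftp(source):
    """Return sorted (line, call) pairs where urllib is handed an ftp:// URL literal."""
    tree = ast.parse(source)
    bound, hits = _imports(tree), []
    for node in ast.walk(tree):
        parts = _dotted(node.func) if isinstance(node, ast.Call) else []
        if not parts or parts[0] not in bound or not node.args:
            continue
        leaf = parts[-1] if len(parts) > 1 else bound[parts[0]]  # resolve "as" aliases
        url = _literal_prefix(node.args[0]).strip().lower()
        if leaf in SINKS and url.startswith("ftp://"):
            hits.append((node.lineno, ".".join(parts)))
    return sorted(hits)

# Constructed sample input: two cleartext FTP fetches and one HTTPS fetch.
SAMPLE = '''\
from urllib.request import urlopen, urlretrieve as fetch
urlopen("ftp://user:secret@files.example.test/report.csv")
fetch(f"FTP://{host}/backup.tar", "backup.tar")
urlopen("https://files.example.test/report.csv")
'''
```

Each reported call is a candidate for moving to an encrypted transport such as HTTPS, SFTP, or FTPS (for example `ftplib.FTP_TLS` followed by `prot_p()`). URLs assembled from variables are not seen by this check.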
Impact
If exploited, attackers can eavesdrop on the network traffic to steal credentials or confidential data, or manipulate files being transferred. This can lead to data breaches or unauthorized access, especially if the FTP connection is used for sensitive operations.