SYM_PY_0076 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code creates a urllib.request.Request using an 'http://' URL, which means data is sent over an unencrypted connection. This exposes any transmitted information to interception or tampering.
Impact
Using unencrypted HTTP can allow attackers to intercept sensitive data (like credentials or personal info), modify requests, or perform man-in-the-middle attacks. This can compromise user privacy and the integrity of application data.