SYM_PY_0077 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code uses urllib's urlretrieve() to download files over FTP (ftp://), which transmits data without encryption. This exposes any downloaded content or credentials to interception by attackers.
Impact
If exploited, sensitive data or authentication information may be stolen by anyone monitoring the network. This can lead to data breaches, credential compromise, or tampering with downloaded files, putting users and systems at risk.