SYM_PY_0078 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The code calls OpenerDirector.open() with 'http://' URLs instead of 'https://'. Data sent and received over such a connection is not encrypted and can be intercepted by attackers.
Impact
Transmitting information over an unencrypted channel exposes sensitive data (like credentials or personal info) to interception or tampering by attackers. This can lead to data breaches and account compromise, and it undermines user trust in the application.
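One way to enforce HTTPS at the opener itself, shown as an added example that is not part of the original rule page: a request pre-processor that makes OpenerDirector.open() refuse 'http://' URLs before any data leaves the host. The names `BlockCleartextHTTP`, `build_https_only_opener` and `is_blocked` are hypothetical, and the URLs are constructed placeholders.

```python
import urllib.error
import urllib.request


class BlockCleartextHTTP(urllib.request.BaseHandler):
    """Request pre-processor that refuses http:// before a socket is opened.

    OpenerDirector runs every handler's <scheme>_request method on each
    request, including the follow-up request created for a redirect, so an
    https:// -> http:// downgrade is refused as well.
    """

    handler_order = 100  # run ahead of the default handlers (order 500)

    def http_request(self, req):
        raise urllib.error.URLError(
            f"refusing cleartext request to {req.full_url}; use https://"
        )


def build_https_only_opener():
    # build_opener() keeps the default handlers (HTTPS, redirects, proxies)
    # and registers the blocking pre-processor alongside them.
    return urllib.request.build_opener(BlockCleartextHTTP())


def is_blocked(url, data=None):
    """Return True if the opener rejects the URL as cleartext HTTP."""
    opener = build_https_only_opener()
    try:
        # Flagged pattern: opener.open("http://...") on a default opener.
        # Here the same call fails closed instead of sending the request.
        opener.open(url, data=data, timeout=5)
    except urllib.error.URLError as exc:
        return "refusing cleartext" in str(exc.reason)
    return False


if __name__ == "__main__":
    # Constructed sample input: credentials that must not travel in cleartext.
    print(is_blocked("http://example.invalid/login", b"user=a&password=b"))
```

Because the check lives in the opener, every caller that shares it gets the same fail-closed behaviour without validating URLs at each call site.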