SYM_PY_0079 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code is using 'URLopener.retrieve()' with an 'ftp://' URL, which transfers data without encryption. This means any data sent or received can be intercepted by attackers on the network.
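A check for the pattern described above can be written with Python's `ast` module. The following is an added example, not the rule's own implementation in this database: the function names and the `files.example.test` host are assumptions, and it only recognises literal URLs and names bound directly to a `URLopener()` instance.

```python
import ast

# Constructed sample: two flagged calls, then an https:// URL and an unrelated retrieve().
SAMPLE = '''\
from urllib.request import URLopener
import urllib.request

opener = URLopener()
opener.retrieve("ftp://files.example.test/backup.tar.gz", "backup.tar.gz")
urllib.request.URLopener().retrieve("FTP://files.example.test/report.csv")
opener.retrieve("https://files.example.test/backup.tar.gz", "backup.tar.gz")
cache.retrieve("ftp://files.example.test/other")
'''


def _is_urlopener_call(node):
    """True for URLopener(...) or <anything>.URLopener(...)."""
    if not isinstance(node, ast.Call):
        return False
    f = node.func
    name = f.id if isinstance(f, ast.Name) else getattr(f, "attr", None)
    return name == "URLopener"


def find_cleartext_ftp_retrieve(source):
    """Return (line, url) for each URLopener.retrieve() call on a literal ftp:// URL."""
    tree = ast.parse(source)
    # Names bound directly to a URLopener instance, e.g. `opener = URLopener()`.
    openers = {
        t.id
        for n in ast.walk(tree) if isinstance(n, ast.Assign) and _is_urlopener_call(n.value)
        for t in n.targets if isinstance(t, ast.Name)
    }
    findings = []
    for n in ast.walk(tree):
        if not (isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
                and n.func.attr == "retrieve" and n.args):
            continue
        recv, url = n.func.value, n.args[0]
        on_opener = _is_urlopener_call(recv) or (isinstance(recv, ast.Name) and recv.id in openers)
        if (on_opener and isinstance(url, ast.Constant) and isinstance(url.value, str)
                and url.value.lower().startswith("ftp://")):
            findings.append((n.lineno, url.value))
    return sorted(findings)


if __name__ == "__main__":
    for line, url in find_cleartext_ftp_retrieve(SAMPLE):
        print(f"line {line}: cleartext FTP transfer via URLopener.retrieve(): {url}")
```

The source is only parsed, never executed, so the check also works on interpreters where `URLopener` is no longer available.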
Impact
Sensitive information such as credentials or files could be exposed to eavesdroppers during transfer. This puts user data and the application's security at risk, as attackers could steal or tamper with the transmitted information.