SYM_PY_0080 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code is using 'URLopener.open' with a URL that starts with 'http://', which creates an unsecured connection. This allows data to be sent and received without encryption, making it vulnerable to interception.
Impact
Sensitive information such as credentials or personal data could be exposed to attackers if intercepted over an unencrypted connection. This may lead to data breaches, account compromise, or leakage of confidential information.