SYM_PY_0081 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code is downloading data over an unsecured HTTP connection using 'URLopener.retrieve'. This exposes the data in transit to interception or tampering because the connection is not encrypted.
Impact
Attackers on the network could intercept or modify the files being downloaded, leading to data leaks or potentially malicious content being injected. This can compromise sensitive information and the integrity of your application.