SYM_PY_0082 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code is using urllib's URLopener to open FTP URLs, which transmits data unencrypted over the network. This exposes any transmitted credentials or sensitive information to interception.
Impact
Attackers on the network could easily capture usernames, passwords, or files sent via FTP, leading to data leaks or unauthorized access. Using insecure FTP can compromise sensitive data and put user accounts or systems at risk.