SYM_PY_0083 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code builds a `urllib.request.Request` for an `ftp://` URL, so the transfer runs over an unencrypted FTP connection. Any data sent or received can be intercepted or modified by attackers on the network.
Impact
Transmitting sensitive data over unencrypted FTP exposes it to eavesdropping and tampering, potentially leading to credential theft, data leaks, or unauthorized access. Attackers could read or alter transferred information, putting both user data and system integrity at risk.
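
A static check for the pattern in the Description, added here as an example (it is not the Symbiotic rule's own implementation): it parses Python source with `ast` and reports `urllib.request.Request` calls whose URL is a literal `ftp://` string, resolving import aliases. The function names and the sample source are constructed for illustration.

```python
import ast

# Constructed sample: two flagged calls (one via an import alias), one HTTPS call.
SAMPLE = '''import urllib.request
from urllib.request import Request as Req
a = urllib.request.Request("ftp://files.example.com/report.csv")
b = urllib.request.Request("https://files.example.com/report.csv")
c = Req(url="FTP://files.example.com/backup.tar")
'''

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def find_cleartext_ftp_requests(source):
    """Return sorted (line, url) pairs for Request() calls given a literal ftp:// URL."""
    tree = ast.parse(source)
    aliases = {}  # local name -> fully qualified name it was imported as
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                # "import urllib.request" binds only the top-level name "urllib"
                top = a.name.split(".")[0]
                aliases[a.asname or top] = a.name if a.asname else top
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    findings = []
    for node in ast.walk(tree):
        name = _dotted(node.func) if isinstance(node, ast.Call) else None
        if name is None:
            continue
        head, _, rest = name.partition(".")
        full = aliases.get(head, head) + ("." + rest if rest else "")
        if full != "urllib.request.Request":
            continue
        # The URL is the first positional argument or the url= keyword.
        arg = node.args[0] if node.args else next(
            (k.value for k in node.keywords if k.arg == "url"), None)
        if (isinstance(arg, ast.Constant) and isinstance(arg.value, str)
                and arg.value.lower().startswith("ftp://")):
            findings.append((node.lineno, arg.value))
    return sorted(findings)
```

Only string-literal URLs are matched; a URL assembled at run time needs data-flow analysis to resolve. Where the server supports it, flagged transfers can move to FTPS (`ftplib.FTP_TLS`), SFTP or HTTPS.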