SYM_PY_0084 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code is using OpenerDirector.open() to connect via an 'ftp://' URL, which transmits data unencrypted over the network. This exposes any information sent or received to interception by attackers.
Impact
Sensitive data such as credentials or files can be captured by anyone monitoring the network during FTP transfers. This can lead to data theft, unauthorized access, or compromise of confidential information, putting users and the organization at risk.