SYM_PY_0085 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Low |
Likelihood Level | Low |
Description
The code is making HTTP requests using 'http://' instead of 'https://', which means data sent and received is not encrypted. This exposes any transmitted information to potential interception.
Impact
Unencrypted HTTP requests can allow attackers to eavesdrop on sensitive data, such as authentication tokens or user information, leading to data breaches or account compromise. This can undermine user privacy and the security of your application.
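A static check for the pattern described above, added here as an example; it is not the Symbiotic rule's own implementation. It assumes Python source that calls a `requests`-style client. `CLIENT_NAMES`, `HTTP_METHODS` and the sample source are assumptions constructed for illustration.

```python
import ast

# Assumed receiver names and method names for a requests-style HTTP client.
CLIENT_NAMES = {"requests", "session", "httpx"}
HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "request"}

# Constructed sample source; it is only parsed, never executed.
SAMPLE = '''\
import requests

host = "internal.example.test"
requests.post("http://api.example.test/login", data={"token": "constructed"})
requests.get("https://api.example.test/profile")
requests.request("GET", url="HTTP://api.example.test/export")
requests.get(f"http://{host}/health")
settings.get("http://not-a-request")
'''

def _literal_prefix(node):
    """Return the leading literal text of a string or f-string node, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    if isinstance(node, ast.JoinedStr) and node.values:
        return _literal_prefix(node.values[0])
    return None

def find_cleartext_requests(source):
    """Return sorted (line, url_prefix) pairs for client calls given an http:// URL."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        receiver = node.func.value
        if not (isinstance(receiver, ast.Name) and receiver.id in CLIENT_NAMES):
            continue  # skips look-alikes such as settings.get(...)
        if node.func.attr not in HTTP_METHODS:
            continue
        # URL may be positional or passed as url=...
        args = list(node.args) + [k.value for k in node.keywords if k.arg == "url"]
        for arg in args:
            text = _literal_prefix(arg)
            if text is not None and text.lower().startswith("http://"):
                findings.append((node.lineno, text))
    return sorted(findings)

if __name__ == "__main__":
    for line, url in find_cleartext_requests(SAMPLE):
        print(f"line {line}: cleartext URL {url!r}; use https://")
```

URLs built at runtime (from variables, config or string concatenation) are not visible to this check, so a clean result only covers literal URLs.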