SYM_PY_0090 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code is using urllib3's HTTPConnectionPool, which sends data over an unencrypted HTTP connection. This exposes any transmitted information to potential eavesdropping or interception.
Impact
Sensitive data such as credentials or personal information could be intercepted by attackers on the network, leading to data breaches, account compromise, or loss of user trust. Using unencrypted HTTP makes it easy for attackers to view or manipulate traffic between the application and remote servers.