SYM_PY_0170 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Unprotected Transport of Credentials
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-523: Unprotected Transport of Credentials |
OWASP | A02:2017 - Broken Authentication |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The code sends authentication credentials over plain HTTP, which does not encrypt the data. This means usernames and passwords can be intercepted by anyone monitoring the network.
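The pattern described above can be checked statically. The following is an added example, not the Symbiotic rule's own logic or code from this wiki: a small `ast`-based check that flags calls sending credentials to a literal `http://` URL. The `requests`-style call shape, the credential field names and all function names are assumptions made for illustration, and the sample source is constructed.

```python
import ast

# Constructed sample source; it is only parsed, never executed.
SAMPLE = '''
import requests
requests.get("http://api.example.com/login", auth=("alice", "s3cret"))
requests.get("https://api.example.com/login", auth=("alice", "s3cret"))
requests.get("http://api.example.com/status")
requests.post(url="http://api.example.com/token", data={"password": "s3cret"})
'''

CRED_KEYWORDS = {"auth"}  # keyword arguments that carry credentials (assumed)
CRED_FIELDS = {"password", "passwd", "token", "api_key"}  # assumed field names


def _literal_url(call):
    """Return the URL if it is a string literal (first positional or url=)."""
    candidates = list(call.args[:1]) + [k.value for k in call.keywords if k.arg == "url"]
    for node in candidates:
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            return node.value
    return None


def _carries_credentials(call):
    """True if the call has auth=, or a body/query dict with a credential key."""
    for kw in call.keywords:
        if kw.arg in CRED_KEYWORDS:
            return True
        if kw.arg in {"data", "json", "params"} and isinstance(kw.value, ast.Dict):
            for key in kw.value.keys:
                if isinstance(key, ast.Constant) and str(key.value).lower() in CRED_FIELDS:
                    return True
    return False


def find_cleartext_credential_calls(source):
    """Return sorted (line, url) pairs for calls sending credentials over http://."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            url = _literal_url(node)
            if url and url.lower().startswith("http://") and _carries_credentials(node):
                findings.append((node.lineno, url))
    return sorted(findings)


if __name__ == "__main__":
    for line, url in find_cleartext_credential_calls(SAMPLE):
        print(f"line {line}: credentials sent over plain HTTP to {url}")
```

The check only sees URL literals; a URL assembled at runtime or read from configuration needs a runtime guard that refuses any non-`https` scheme before credentials are attached.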
Impact
If exploited, attackers can capture login credentials in transit, leading to unauthorized access to user accounts or sensitive systems. This compromises user privacy and can result in data breaches or further attacks within your application or organization.