SYM_RB_0081 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
Using the 'net/ftp' package to connect to FTP servers sends all data, including credentials and files, over the network without encryption. This exposes sensitive information to anyone who can monitor network traffic.
Impact
An attacker could intercept users' credentials or confidential data transmitted via FTP, leading to unauthorized access, data breaches, or compliance violations. This puts both user privacy and organizational security at risk.
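The check described above can be sketched as a small text scanner. This is an added example, not the rule's own implementation: it flags `Net::FTP.new` / `Net::FTP.open` calls that do not turn on the library's `ssl:` option, which is how `Net::FTP` enables FTPS. The host name, credentials and sample source are constructed for illustration.

```ruby
# Added example: flag Net::FTP connections that do not enable TLS.
# SAMPLE is constructed input; it is scanned as text and never executed.
SAMPLE = <<~'RUBY'
  # Cleartext: USER/PASS and file contents cross the network unencrypted.
  Net::FTP.open('ftp.example.test', username: 'deploy', password: pw) do |ftp|
    ftp.putbinaryfile('report.csv')
  end

  # FTPS: the control and data channels are wrapped in TLS.
  ftp = Net::FTP.new('ftp.example.test',
                     ssl: true,
                     username: 'deploy',
                     password: pw)

  legacy = Net::FTP.new('ftp.example.test', ssl: false)
RUBY

CALL = /\bNet::FTP\.(?:new|open)\s*\(/

# Argument text of the call whose "(" ends just before +start+ (may span lines).
def call_arguments(source, start)
  depth, pos = 1, start
  while pos < source.length
    depth += 1 if source[pos] == '('
    depth -= 1 if source[pos] == ')'
    break if depth.zero?
    pos += 1
  end
  source[start...pos]
end

# TLS counts as enabled only when ssl: is passed with a value other than
# false or nil (true, or a hash of OpenSSL parameters).
def tls_enabled?(args)
  m = args.match(/\bssl:\s*([^,\s)]+)/)
  !m.nil? && !%w[false nil].include?(m[1])
end

# Line numbers of Net::FTP calls that would transmit in cleartext.
def cleartext_ftp_calls(source)
  findings = []
  source.scan(CALL) do
    m = Regexp.last_match
    args = call_arguments(source, m.end(0))
    findings << (source[0...m.begin(0)].count("\n") + 1) unless tls_enabled?(args)
  end
  findings
end

p cleartext_ftp_calls(SAMPLE)
```

Being text-based, the scanner also matches calls inside comments or strings and cannot see an `ssl:` value supplied through a variable holding the options hash, so treat its findings as leads for review.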