Statements (45)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:affects |
Web applications
APIs Mobile applications |
| gptkbp:category |
gptkb:security
|
| gptkbp:consequences |
Identity theft.
Legal implications. Financial loss. Reputation damage. Unauthorized access to sensitive data. |
| gptkbp:description |
The software transmits sensitive information in cleartext, allowing it to be intercepted by unauthorized parties.
|
| gptkbp:difficulty_levels |
gptkb:High
|
| gptkbp:example |
Transmitting credit card information without encryption.
Not using HTTPS for login pages. Sending passwords over HTTP instead of HTTPS. Sending session tokens in cleartext. Sending user credentials in an unencrypted email. Using FTP instead of SFTP. |
| gptkbp:has_weakness |
gptkb:CWE-200
CWE-255 CWE-310 |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-319
|
| gptkbp:impact |
Data exposure
|
| gptkbp:is_a_tool_for |
Static analysis tools.
Web application firewalls. Dynamic analysis tools. Network monitoring tools. Penetration testing tools. |
| gptkbp:is_referenced_in |
https://cwe.mitre.org/data/definitions/319.html
|
| gptkbp:is_standardized_by |
gptkb:PCI_DSS
gptkb:NIST_SP_800-53 gptkb:ISO/_IEC_27001 gptkb:OWASP_Top_Ten CIS Controls |
| gptkbp:name |
Cleartext Transmission of Sensitive Information
|
| gptkbp:prevention |
Conduct regular security audits.
Educate developers on security risks. Implement secure coding practices. Regularly update software dependencies. Use encryption protocols like TLS. Use secure communication channels. |
| gptkbp:related_to |
gptkb:CWE-326
CWE-311 |
| gptkbp:bfsParent |
gptkb:CWE-200
|
| gptkbp:bfsLayer |
8
|