Insecure Protocol in Socket Connection

Description

The code uses insecure protocols (FTP, HTTP, Telnet) for socket connections, which transmit data in plaintext and can expose sensitive information.

Examples

Insecure Code

java

java.net.Socket socket = new java.net.Socket("ftp://example.com", 21);

Secure Code

java

java.net.Socket socket = new java.net.Socket("ftps://example.com", 21);

Remediation

Use encrypted alternatives such as HTTPS, FTPS/SFTP, or SSH to protect sensitive data in transit.

Rule Details

Field	Value
ID	CODE-0240
Category	Crypto
Severity	MEDIUM
CWE	CWE-319
Confidence	LOW
Impact	MEDIUM
Likelihood	MEDIUM
Exploitability	EASY
Tags	socket, insecure protocol
OWASP	A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures

References

https://docs.oracle.com/javase/8/docs/api/java/net/Socket.html

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Insecure Protocol in Socket Connection

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Insecure Protocol in Socket Connection ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

Insecure Protocol in Socket Connection

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References