Insecure FTP transport
Description
Use of FTP for file transfers is insecure because it transmits credentials and data in plaintext, allowing attackers to intercept sensitive information in transit.
Examples
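Insecure Code
```java
import org.apache.commons.net.ftp.FTPClient;
FTPClient ftpClient = new FTPClient(); // plain FTP: no TLS on the control or data channel
ftpClient.connect("ftp.example.com");
ftpClient.login("username", "password"); // credentials are sent in plaintext
```
Secure Code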
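```java
import org.apache.commons.net.ftp.FTPSClient;
FTPSClient ftpsClient = new FTPSClient(); // explicit FTPS: TLS is negotiated during connect()
ftpsClient.connect("ftps.example.com");
ftpsClient.login("username", "password");
ftpsClient.execPBSZ(0);
ftpsClient.execPROT("P"); // protect the data channel as well, not only the control channel
```
Remediation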
Use secure alternatives such as SFTP or FTPS.
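A fuller FTPS upload with the checks that the short snippet leaves out, as an added example that is not part of the original rule page. It assumes the Apache Commons Net library (the source of the `FTPClient` and `FTPSClient` class names); the class name `HardenedFtpsUpload` and the environment variables `FTPS_HOST`, `FTPS_USER` and `FTPS_PASS` are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import org.apache.commons.net.ftp.FTP;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;

public class HardenedFtpsUpload {
    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            throw new IllegalArgumentException("usage: HardenedFtpsUpload <local-file>");
        }
        Path local = Paths.get(args[0]);
        // Assumed inputs: host and credentials come from the environment, not from source code.
        String host = System.getenv("FTPS_HOST");
        String user = System.getenv("FTPS_USER");
        String pass = System.getenv("FTPS_PASS");

        FTPSClient ftps = new FTPSClient(false);   // explicit mode: AUTH TLS on the control port
        ftps.setTrustManager(null);                // null selects the JVM default trust manager
        ftps.setEndpointCheckingEnabled(true);     // certificate must match the host name
        try {
            ftps.connect(host, 21);                // TLS handshake happens here, before login
            if (!FTPReply.isPositiveCompletion(ftps.getReplyCode())) {
                throw new IOException("FTPS connect refused: " + ftps.getReplyString());
            }
            if (!ftps.login(user, pass)) {
                throw new IOException("FTPS login failed");
            }
            ftps.execPBSZ(0);                      // required before PROT
            ftps.execPROT("P");                    // encrypt the data channel
            ftps.enterLocalPassiveMode();
            ftps.setFileType(FTP.BINARY_FILE_TYPE);
            try (InputStream in = Files.newInputStream(local)) {
                if (!ftps.storeFile(local.getFileName().toString(), in)) {
                    throw new IOException("Upload failed: " + ftps.getReplyString());
                }
            }
            ftps.logout();
        } finally {
            if (ftps.isConnected()) {
                ftps.disconnect();
            }
        }
    }
}
```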
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0514 |
| Category | InsecureConfig |
| Severity | MEDIUM |
| CWE | CWE-319 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | ftp, insecure-transport |
| OWASP | A02:2021-Cryptographic Failures |