Insecure FTP protocol detected in Spring Integration configuration
Description
The code uses the FTP protocol to transmit data in cleartext, which is insecure. Sensitive information, such as credentials or personal data, can be intercepted by an attacker.
Examples
Insecure Code
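```java
import org.springframework.integration.ftp.session.DefaultFtpSessionFactory;

// Plain FTP: credentials and file contents cross the network in cleartext
DefaultFtpSessionFactory sf = new DefaultFtpSessionFactory();
sf.setHost("ftp://example.com");
```
Secure Code
```java
import org.springframework.integration.ftp.session.DefaultFtpsSessionFactory;

// The FTPS factory negotiates TLS; setHost takes a bare host name, not a URL
DefaultFtpsSessionFactory sf = new DefaultFtpsSessionFactory();
sf.setHost("example.com");
```
Remediation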
Use secure protocols like FTPS or SFTP instead of FTP to encrypt the data in transit.
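The configuration below shows both remediation options, FTPS and SFTP, as Spring beans. It is an added example, not code from the original rule page or from the Spring Integration project. The host, environment variable names and file paths are placeholders, and it assumes a Spring Integration version whose `DefaultSftpSessionFactory` provides `setKnownHostsResource`.

```java
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.FileSystemResource;
import org.springframework.integration.ftp.session.DefaultFtpsSessionFactory;
import org.springframework.integration.sftp.session.DefaultSftpSessionFactory;

@Configuration
public class SecureTransferConfig {

    // Option 1: FTPS (FTP over TLS), explicit mode on the standard control port
    @Bean
    public DefaultFtpsSessionFactory ftpsSessionFactory() throws Exception {
        DefaultFtpsSessionFactory sf = new DefaultFtpsSessionFactory();
        sf.setHost("example.com");                        // placeholder host, no URL scheme
        sf.setPort(21);
        sf.setUsername(System.getenv("FTPS_USER"));       // assumed variable names
        sf.setPassword(System.getenv("FTPS_PASSWORD"));
        sf.setImplicit(false);                            // explicit FTPS: TLS is requested with AUTH
        sf.setProt("P");                                  // PROT P: data channel is encrypted as well
        sf.setProtocols(new String[] {"TLSv1.2", "TLSv1.3"});
        // Validate the server certificate chain against the JVM default trust store
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        sf.setTrustManager(tmf.getTrustManagers()[0]);
        return sf;
    }

    // Option 2: SFTP (file transfer over SSH) with key authentication
    @Bean
    public DefaultSftpSessionFactory sftpSessionFactory() {
        DefaultSftpSessionFactory sf = new DefaultSftpSessionFactory();
        sf.setHost("example.com");                        // placeholder host
        sf.setPort(22);
        sf.setUser(System.getenv("SFTP_USER"));           // assumed variable name
        // Placeholder paths: private key for the client, known_hosts for the server
        sf.setPrivateKey(new FileSystemResource("/etc/app/keys/id_ed25519"));
        sf.setKnownHostsResource(new FileSystemResource("/etc/app/known_hosts"));
        sf.setAllowUnknownKeys(false);                    // reject host keys missing from known_hosts
        return sf;
    }
}
```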
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0646 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-319 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | ftp, ftps, sftp, cleartext |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |