Cleartext communication over HTTP
Description
Detected use of HTTPConnectionPool, which transmits data over plain HTTP without encryption. An attacker positioned on the network path can read or modify the traffic, exposing sensitive data to man-in-the-middle (MITM) attacks.
Examples
Insecure Code
```python
import urllib3
pool = urllib3.connectionpool.HTTPConnectionPool("example.com")
```
Secure Code
```python
import urllib3
pool = urllib3.connectionpool.HTTPSConnectionPool("example.com")
```
Remediation
Use HTTPSConnectionPool instead of HTTPConnectionPool so that the connection is encrypted with TLS.
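As an added example (not the scanner's own implementation), a minimal AST-based detector for the pattern this rule flags: it resolves import aliases so that top-level, dotted and renamed imports of HTTPConnectionPool are all reported while HTTPSConnectionPool is not. The sample inputs are constructed for this example.

```python
import ast

# Fully qualified names of the class this rule (CODE-0509) flags.
FLAGGED = {"urllib3.HTTPConnectionPool", "urllib3.connectionpool.HTTPConnectionPool"}

# Constructed sample inputs (not taken from a real project): the insecure and
# secure snippets above, plus an aliased import that a naive text match would miss.
INSECURE = 'import urllib3\npool = urllib3.connectionpool.HTTPConnectionPool("example.com")\n'
SECURE = 'import urllib3\npool = urllib3.connectionpool.HTTPSConnectionPool("example.com")\n'
ALIASED = 'from urllib3.connectionpool import HTTPConnectionPool as Pool\np = Pool("example.com")\n'


def _dotted(node):
    """Return 'a.b.c' for a chain of Attribute nodes ending in a Name, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def find_cleartext_pools(source: str) -> list[tuple[int, str]]:
    """Return (line number, callee as written) for every HTTPConnectionPool(...) call."""
    tree = ast.parse(source)
    aliases = {}  # local binding -> fully qualified name it refers to
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:  # `import a.b` binds `a`; `import a.b as c` binds `c`
                aliases[a.asname or a.name.split(".")[0]] = a.name if a.asname else a.name.split(".")[0]
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        callee = _dotted(node.func)
        if callee is None:
            continue
        head, _, rest = callee.partition(".")
        resolved = aliases.get(head, head) + (f".{rest}" if rest else "")
        if resolved in FLAGGED:
            hits.append((node.lineno, callee))
    return hits


if __name__ == "__main__":
    for label, src in (("insecure", INSECURE), ("secure", SECURE), ("aliased", ALIASED)):
        print(label, find_cleartext_pools(src))
```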
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0509 |
| Category | InsecureConfig |
| Severity | MEDIUM |
| CWE | CWE-319 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | man-in-the-middle, MITM, cleartext |
| OWASP | A02:2021-Cryptographic Failures |