CWE-319 (Cleartext Transmission of Sensitive Information) — Vulnerability Class, 356 CVEs

356 vulnerabilities classified as CWE-319 (Cleartext Transmission of Sensitive Information). AI Chinese analysis included.

CWE-319 is a critical security weakness in which an application transmits sensitive or security-critical data in cleartext over a communication channel that can be intercepted. Attackers typically exploit it with network sniffing tools that capture the unencrypted packets, gaining unauthorized access to confidential information such as login credentials, personally identifiable information, or financial data. The exposure exists because the data is not encrypted in transit, so anyone positioned on the path can read the contents without needing to authenticate. To prevent this, developers must use robust encryption protocols, such as TLS or SSL, for all data in transit. In addition, security policies that mandate encrypted connections for every sensitive communication keep the data protected against eavesdropping and man-in-the-middle attacks, preserving confidentiality and integrity throughout the transmission.

MITRE CWE Description
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Common Consequences (2)
Scope: Integrity, Confidentiality. Impact: Read Application Data, Modify Files or Directories.
Anyone can read the information by gaining access to the channel being used for communication. Many communication channels can be "sniffed" (monitored) by adversaries during data transmission. For example, in networking, packets can traverse many intermediary nodes from the source to the destination…
Scope: Integrity, Confidentiality. Impact: Read Application Data, Modify Files or Directories, Other.
When full communications are recorded or logged, such as with a packet dump, an adversary could attempt to obtain the dump long after the transmission has occurred and try to "sniff" the cleartext from the recorded communications in the dump itself. Even if the information is encoded in a way that i…
Mitigations (5)
Architecture and Design: Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.
Implementation: When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
Implementation: When designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.
Testing: Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
Operation: Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
Examples (2)
The following code attempts to establish a connection to a site to communicate sensitive information.
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;

// MITRE "Bad" example: the PUT request and its body travel over plain HTTP,
// so anyone able to observe the path can read them.
static void sendSecret() {
    try {
        URL u = new URL("http://www.secret.example.org/");   // cleartext http:// scheme
        HttpURLConnection hu = (HttpURLConnection) u.openConnection();
        hu.setRequestMethod("PUT");
        hu.setDoOutput(true);   // required before a request body can be written
        hu.connect();
        OutputStream os = hu.getOutputStream();
        hu.disconnect();
    } catch (IOException e) {
        //...
    }
}
Bad · Java
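The hardened counterpart, as an added example that is not MITRE's code: the client refuses any URL whose scheme is not https before it connects, and relies on the JDK's default certificate and hostname verification through HttpsURLConnection, so the PUT body never leaves the host in cleartext. The host name is the same hypothetical one as in the example above and the payload is a constructed sample.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.HttpsURLConnection;

public class TlsOnlyClient {

    // Returns a connection only when the scheme is https. HttpsURLConnection keeps the
    // platform's default certificate chain and hostname checks, which must not be disabled.
    static HttpsURLConnection openTlsConnection(String target) throws IOException {
        URL u = new URL(target);
        if (!"https".equalsIgnoreCase(u.getProtocol())) {
            // Fail closed rather than silently downgrading to cleartext HTTP.
            throw new IOException("refusing non-TLS scheme: " + u.getProtocol());
        }
        HttpsURLConnection hu = (HttpsURLConnection) u.openConnection();
        hu.setRequestMethod("PUT");
        hu.setDoOutput(true);
        return hu;
    }

    public static void main(String[] args) throws IOException {
        // Hypothetical host (same as the MITRE example); constructed sample payload.
        HttpsURLConnection hu = openTlsConnection("https://www.secret.example.org/");
        byte[] payload = "secret=constructed-sample".getBytes(StandardCharsets.UTF_8);
        try (OutputStream os = hu.getOutputStream()) {   // getOutputStream() performs the TLS handshake
            os.write(payload);
        }
        // Available only after the handshake: useful evidence in a test that TLS was actually used.
        System.out.println("TLS cipher suite: " + hu.getCipherSuite());
        System.out.println("HTTP status: " + hu.getResponseCode());
        hu.disconnect();
    }
}
```

Calling openTlsConnection with the original "http://www.secret.example.org/" throws instead of connecting, which is the behaviour a test for this weakness should assert.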
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-45180 | Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids | Catalyst::Plugin::Statsd | 7.5 (AI) | High (AI) | 2026-05-10
CVE-2026-45179 | Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses | Plack::Middleware::Statsd | 5.3 (AI) | Medium (AI) | 2026-05-10
CVE-2025-59852 | HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability | DFXAnalytics | 3.7 | Low | 2026-05-06
CVE-2026-7610 | TRENDnet TEW-821DAP Firmware Update ssi cleartext transmission | TEW-821DAP | 3.7 | Low | 2026-05-02
CVE-2026-42514 | Sensitive Data Exposure Vulnerability in e-Sushrut HMIS | e-Sushrut, Hospital Management Information System (HMIS) | 9.8 (AI) | Critical (AI) | 2026-04-29
CVE-2026-40431 | SenseLive X3050 Cleartext transmission of sensitive information | X3050 | 5.3 | Medium | 2026-04-23
CVE-2026-41275 | Flowise: Password Reset Link Sent Over Unsecured HTTP | Flowise | 6.8 (AI) | Medium (AI) | 2026-04-23
CVE-2025-31981 | HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption | BigFix Service Management (SM) | 5.3 | Medium | 2026-04-21
CVE-2026-40045 | OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway Endpoints | OpenClaw | 5.7 | Medium | 2026-04-20
CVE-2026-6066 | Unencrypted Client-Server Communication in ConnectWise Automate™ Solution Center | Automate | 7.1 | High | 2026-04-20
CVE-2026-33569 | Anviz Products Cleartext Transmission of Sensitive Information | Anviz CX7 Firmware | 6.5 | Medium | 2026-04-17
CVE-2026-22155 | Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise security vulnerability | FortiSOAR on-premise | 6.2 | Medium | 2026-04-14
CVE-2026-21742 | Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise security vulnerability | FortiSOAR PaaS | 5.4 | Medium | 2026-04-14
CVE-2026-31923 | Apache APISIX: Openid-connect `tls_verify` field is disabled by default | Apache APISIX | 7.5 | - | 2026-04-14
CVE-2026-31924 | Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP | Apache APISIX | 7.5 | - | 2026-04-14
CVE-2026-5115 | Session hijacking in PaperCut NG/MF embedded application for Konica Minolta devices | Papercut NG/MF | 7.1 (AI) | High (AI) | 2026-03-31
CVE-2026-5119 | Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment | Red Hat Enterprise Linux 8 | 5.9 | Medium | 2026-03-30
CVE-2026-1014 | IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information | InfoSphere Information Server | 6.5 | Medium | 2026-03-25
CVE-2025-64648 | Multiple Vulnerabilities in IBM Concert Software | Concert | 5.9 | Medium | 2026-03-25
CVE-2026-20115 | Cisco IOS XE Software security vulnerability | Cisco IOS XE Software | 6.1 | Medium | 2026-03-25
CVE-2026-4584 | Shenzhen HCC Technology MPOS M6 PLUS Cardholder Data cleartext transmission | MPOS M6 PLUS | 3.1 | Low | 2026-03-23
CVE-2026-24060 | Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information | WebCTRL Premium Server | 9.1 | Critical | 2026-03-20
CVE-2026-32309 | Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes | cryptomator | 9.1 | - | 2026-03-20
CVE-2026-32838 | Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP | Edimax GS-5008PL | 7.5 | High | 2026-03-17
CVE-2025-13718 | IBM Sterling Partner Engagement Manager Information Disclosure | Sterling Partner Engagement Manager | 3.7 | Low | 2026-03-13
CVE-2026-23661 | Azure IoT Explorer Information Disclosure Vulnerability | Azure IoT Explorer | 7.5 | High | 2026-03-10
CVE-2026-2671 | Mendi Neurofeedback Headset Bluetooth Low Energy cleartext transmission | Neurofeedback Headset | 3.1 | Low | 2026-03-07
CVE-2026-30796 | RustDesk Server Pro API Requires Address Book Password in Plaintext for Sync Protocol | RustDesk Server Pro | 6.2 | - | 2026-03-05
CVE-2026-30795 | RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure | RustDesk Client | 7.5 | - | 2026-03-05
CVE-2026-20801 | Gallagher NxWitness VMS security vulnerability | NxWitness VMS and Hanwha VMS Integrations | 5.6 | Medium | 2026-03-03

(AI) reproduces the listing's AI marker on that score or severity; "-" means no severity was listed.

Vulnerabilities classified as CWE-319 (Cleartext Transmission of Sensitive Information) account for 356 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.