Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-319 (敏感数据的明文传输) — Vulnerability Class 356

356 vulnerabilities classified as CWE-319 (敏感数据的明文传输). AI Chinese analysis included.

CWE-319 represents a critical security weakness where applications transmit sensitive or security-critical data in cleartext over communication channels susceptible to interception. Attackers typically exploit this vulnerability by employing network sniffing tools to capture unencrypted packets, thereby gaining unauthorized access to confidential information such as login credentials, personal identifiable information, or financial data. This exposure occurs because the data lacks encryption during transit, allowing malicious actors to read the contents without authentication. To prevent this, developers must implement robust encryption protocols, such as TLS or SSL, for all data in transit. Additionally, enforcing strict security policies that mandate encrypted connections for all sensitive communications ensures that data remains protected against eavesdropping and man-in-the-middle attacks, maintaining confidentiality and integrity throughout the transmission process.

MITRE CWE Description
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Common Consequences (2)
Integrity, ConfidentialityRead Application Data, Modify Files or Directories
Anyone can read the information by gaining access to the channel being used for communication. Many communication channels can be "sniffed" (monitored) by adversaries during data transmission. For example, in networking, packets can traverse many intermediary nodes from the source to the destination…
Integrity, ConfidentialityRead Application Data, Modify Files or Directories, Other
When full communications are recorded or logged, such as with a packet dump, an adversary could attempt to obtain the dump long after the transmission has occurred and try to "sniff" the cleartext from the recorded communications in the dump itself. Even if the information is encoded in a way that i…
Mitigations (5)
Architecture and DesignBefore transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.
ImplementationWhen using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
ImplementationWhen designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.
TestingUse tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
OperationConfigure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
Examples (2)
The following code attempts to establish a connection to a site to communicate sensitive information.
try { URL u = new URL("http://www.secret.example.org/"); HttpURLConnection hu = (HttpURLConnection) u.openConnection(); hu.setRequestMethod("PUT"); hu.connect(); OutputStream os = hu.getOutputStream(); hu.disconnect(); } catch (IOException e) { //... }
Bad · Java
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
CVE IDTitleCVSSSeverityPublished
CVE-2026-27752 SODOLA SL902-SWTGW124AS <= 200.1.20 Cleartext Credential Transmission — SODOLA SL902-SWTGW124AS 5.9 Medium2026-02-27
CVE-2026-24455 Jinan USR IOT Technology Limited (PUSR) USR-W610 Cleartext Transmission of Sensitive Information — USR-W610 7.5 High2026-02-20
CVE-2025-27903 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows — DB2 Recovery Expert for LUW 5.9 Medium2026-02-17
CVE-2026-2539 Micca KE700 Cleartext transmission of key fob ID — Car Alarm System KE700 6.5AIMediumAI2026-02-15
CVE-2025-10174 Improper Access Control in Pan Software's PanCafe Pro — PanCafe Pro 8.3 High2026-02-11
CVE-2025-66604 Yokogawa FAST/TOOLS 安全漏洞 — FAST/TOOLS 5.3AIMediumAI2026-02-09
CVE-2026-0714 Moxa Industrial Linux 安全漏洞 — UC-1200A Series 4.2AIMediumAI2026-02-05
CVE-2026-24441 Tenda AC7 Transmits Admin Credentials Without HTTPS Protection — Tenda AC7 9.1AICriticalAI2026-02-03
CVE-2026-1777 Cleartext transmission of sensitive materials in aws/sagemaker-python-sdk — SageMaker Python SDK 7.2 High2026-02-02
CVE-2026-23564 Transmission of Unencrypted Data in Content Distribution Service — DEX 6.5 Medium2026-01-29
CVE-2026-22274 Dell ECS 安全漏洞 — ObjectScale 6.5 Medium2026-01-23
CVE-2026-22271 Dell ECS 安全漏洞 — ObjectScale 7.5 High2026-01-23
CVE-2026-0767 Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability — Open WebUI 6.5 -2026-01-23
CVE-2025-64769 AVEVA Process Optimization Cleartext Transmission of Sensitive Information — Process Optimization 7.1 High2026-01-16
CVE-2025-13454 Lenovo多款产品 安全漏洞 — ThinkPlus FU100 5.5 Medium2026-01-14
CVE-2025-69272 Spectrum password returned in clear — DX NetOps Spectrum 5.9AIMediumAI2026-01-12
CVE-2026-22080 Insecure Transmission Vulnerability in Tenda Wireless Routers — 300Mbps Wireless Router F3 and N300 Easy Setup Router 7.5 -2026-01-09
CVE-2026-22079 Cleartext Transmission Vulnerability in Tenda Wireless Routers — 300Mbps Wireless Router F3 and N300 Easy Setup Router 8.1 -2026-01-09
CVE-2019-25278 FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure — FaceSentry Access Control System 5.9 Medium2026-01-07
CVE-2026-22544 EXCHANGE OF CREDENTIALS IN CLEAR TEXT — QC 60/90/120 7.5 -2026-01-07
CVE-2020-36917 iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie — iDS6 DSSPro Digital Signage System 7.5 High2026-01-06
CVE-2020-36914 QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure — QiHang Media Web (QH.aspx) Digital Signage 7.5 High2026-01-06
CVE-2025-62578 DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information — DVP-12SE 7.5 -2025-12-26
CVE-2025-61738 Johnson Controls PowerG and IQPanel cleartext transmission of sensitive information — IQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerG 7.4AIHighAI2025-12-22
CVE-2025-62330 HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information — DevOps Deploy 5.9 Medium2025-12-16
CVE-2023-53881 ReyeeOS 1.204.1614 Man-in-the-Middle Remote Code Execution via CWMP — ReyeeOS 8.1AIHighAI2025-12-15
CVE-2023-53875 GOM Player 2.3.90.5360 Remote Code Execution via Insecure IE Component — GOM Player 8.8AIHighAI2025-12-15
CVE-2025-13489 IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information — UCD - IBM DevOps Deploy 5.9 Medium2025-12-15
CVE-2025-66573 Solstice Pod API Session Key Extraction via API Endpoint — Solstice Pod API Session Key Extraction via API Endpoint 7.5AIHighAI2025-12-04
CVE-2024-48894 Socomec DIRIS Digiware M-70 安全漏洞 — DIRIS Digiware M-70 5.9 Medium2025-12-01

Vulnerabilities classified as CWE-319 (敏感数据的明文传输) represent 356 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.