Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-319 (敏感数据的明文传输) — Vulnerability Class 356

356 vulnerabilities classified as CWE-319 (敏感数据的明文传输). AI Chinese analysis included.

CWE-319 represents a critical security weakness where applications transmit sensitive or security-critical data in cleartext over communication channels susceptible to interception. Attackers typically exploit this vulnerability by employing network sniffing tools to capture unencrypted packets, thereby gaining unauthorized access to confidential information such as login credentials, personal identifiable information, or financial data. This exposure occurs because the data lacks encryption during transit, allowing malicious actors to read the contents without authentication. To prevent this, developers must implement robust encryption protocols, such as TLS or SSL, for all data in transit. Additionally, enforcing strict security policies that mandate encrypted connections for all sensitive communications ensures that data remains protected against eavesdropping and man-in-the-middle attacks, maintaining confidentiality and integrity throughout the transmission process.

MITRE CWE Description
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Common Consequences (2)
Integrity, ConfidentialityRead Application Data, Modify Files or Directories
Anyone can read the information by gaining access to the channel being used for communication. Many communication channels can be "sniffed" (monitored) by adversaries during data transmission. For example, in networking, packets can traverse many intermediary nodes from the source to the destination…
Integrity, ConfidentialityRead Application Data, Modify Files or Directories, Other
When full communications are recorded or logged, such as with a packet dump, an adversary could attempt to obtain the dump long after the transmission has occurred and try to "sniff" the cleartext from the recorded communications in the dump itself. Even if the information is encoded in a way that i…
Mitigations (5)
Architecture and DesignBefore transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.
ImplementationWhen using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
ImplementationWhen designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.
TestingUse tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
OperationConfigure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
Examples (2)
The following code attempts to establish a connection to a site to communicate sensitive information.
try { URL u = new URL("http://www.secret.example.org/"); HttpURLConnection hu = (HttpURLConnection) u.openConnection(); hu.setRequestMethod("PUT"); hu.connect(); OutputStream os = hu.getOutputStream(); hu.disconnect(); } catch (IOException e) { //... }
Bad · Java
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
CVE IDTitleCVSSSeverityPublished
CVE-2025-62765 General Industrial Controls Lynx+ Gateway Cleartext Transmission of Sensitive Information — Lynx+ Gateway 7.5 High2025-11-14
CVE-2025-12508 Unencrypted communication to Active Directory services — BRAIN2 8.4 High2025-10-31
CVE-2025-64389 EXCHANGE OF SENSITIVE INFORMATION IN CLEAR TEXT — TCPRS1plus 7.5 -2025-10-31
CVE-2025-34271 Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext — Log Server 8.8AIHighAI2025-10-30
CVE-2025-10641 Unencrypted cleartext communication in EfficientLab WorkExaminer Professional — WorkExaminer Professional 9.1AICriticalAI2025-10-21
CVE-2025-62643 Restaurant Brands International assistant platform 安全漏洞 — assistant platform 3.4 Low2025-10-17
CVE-2025-11492 HTTP Configuration and Encryption in Transit — Automate 9.6 Critical2025-10-16
CVE-2025-53139 Windows Hello Security Feature Bypass Vulnerability — Windows 10 Version 21H2 7.7 High2025-10-14
CVE-2025-41718 Murrelektronik: Unprotected Transport of Credentials — Firmware Impact67 Pro 54630 7.5 High2025-10-14
CVE-2025-11640 Tomofun Furbo 360/Furbo Mini Bluetooth Low Energy cleartext transmission — Furbo 360 3.1 Low2025-10-12
CVE-2025-59448 YoSmart YoLink Ecosystem 安全漏洞 — YoLink ecosystem 4.7 Medium2025-10-06
CVE-2025-36274 IBM Aspera HTTP Gateway information disclosure — Aspera HTTP Gateway 7.5 High2025-09-26
CVE-2025-10540 Unencrypted and Unauthenticated Communication Allows Data Exposure and Manipulation in iMonitor EAM — iMonitor EAM 9.8AICriticalAI2025-09-25
CVE-2017-20200 Coinomi cleartext transmission — Coinomi 3.7 Low2025-09-23
CVE-2025-10776 LionCoders SalePro POS Login cleartext transmission — SalePro POS 3.7 Low2025-09-22
CVE-2025-54818 Cognex In-Sight Explorer and In-Sight Camera Firmware Cleartext Transmission of Sensitive Information — In-Sight 2000 series 8.0 High2025-09-18
CVE-2025-47698 Cognex多款产品 安全漏洞 — In-Sight 2000 series 6.5AIMediumAI2025-09-18
CVE-2025-7743 Sensitive Data Exposure in Dolusoft's Omaspot — Omaspot 9.6 Critical2025-09-16
CVE-2025-41708 Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface — CC612 7.4 High2025-09-08
CVE-2025-7731 Information Disclosure Vulnerability in MELSEC iQ-F Series CPU module — MELSEC iQ-F Series FX5U-32MT/ES 7.5 High2025-09-01
CVE-2025-31972 HCL BigFix Service Management (SM) is affected by a Sensitive Information Exposure vulnerability — BigFix Service Management (SM) 6.5 Medium2025-08-28
CVE-2025-6180 Authentication Hijack — sdm-cli 7.4AIHighAI2025-08-20
CVE-2025-57727 JetBrains IntelliJ IDEA 安全漏洞 — IntelliJ IDEA 4.7 Medium2025-08-20
CVE-2025-54156 Santesoft Sante PACS Server Cleartext Transmission of Sensitive Information — Sante PACS Server 7.4 High2025-08-18
CVE-2025-8863 YugabyteDB 安全漏洞 — YugabyteDB 7.5 -2025-08-11
CVE-2025-8741 macrozheng mall login cleartext transmission — mall 3.7 Low2025-08-08
CVE-2025-52586 EG4 Electronics EG4 Inverters Cleartext Transmission of Sensitive Information — EG4 12kPV 6.9 Medium2025-08-08
CVE-2025-54799 Lego does not enforce HTTPS — lego 5.9AIMediumAI2025-08-07
CVE-2025-36020 IBM Guardium Data Protection information disclosure — Guardium Data Protection 5.9 Medium2025-08-06
CVE-2025-8205 Comodo Dragon IP DNS Leakage Detector cleartext transmission — Dragon 3.7 Low2025-07-26

Vulnerabilities classified as CWE-319 (敏感数据的明文传输) represent 356 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.