Exposure of Sensitive Information High

We observed that your code contains either incorrect, unsafe cleartext protocols, which leads to transmission of sensitive information over a network or communication channel in cleartext, making it vulnerable to interception by attackers.

Detector ID

c/exposure-of-sensitive-information@v1.0

Category

Security

Common Weakness Enumeration (CWE)

CWE-200 CWE-319

Tags

Noncompliant example

1
2int exposureofSensitiveInformationNonCompliant()
3{
4    // Noncompliant: insecure protocal is used
5    char* ftp_url = "ftp://anonymous@example.com";
6    
7}

Compliant example

1int exposureofSensitiveInformationCompliant()
2{
3    // Compliant: https is used for secured url
4    char* https_url = "https://example.com";
5}

Q

Detector Library

C detectors (34/34)

Exposure of Sensitive Information High

Noncompliant example

Compliant example