# Cleartext Transmission of Sensitive Information (CWE-319)

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

**Stack:** Go

- Prevalence: Élevée Fréquemment exploitée
- Impact: Élevé 5 règles de sévérité élevée
- Prevention: Documentée 6 exemples de correctifs

**OWASP:** Cryptographic Failures (A02:2021-Cryptographic Failures) - #2

## Description

Many communication channels can be sniffed by attackers during data transmission. When sensitive data is transmitted without encryption, an attacker can intercept and read this information. Secure channels like TLS should be used to protect sensitive data in transit.

## Prevention

### Go

Use StartTLS instead of Start to enable HTTPS encryption

Use ListenTLS instead of Listen to enable HTTPS encryption

Use RunTLS instead of Run to enable HTTPS encryption

## Consequences

- Lecture des données de l'application
- Contourner le mécanisme de protection

## Mitigations

- Chiffrez toutes les données sensibles avant transmission
- Utilisez TLS/SSL pour toutes les connexions transmettant des données sensibles
- Mettez en place l'épinglage de certificats pour les applications mobiles

## Detection

- Total rules: 6
- Languages: go, kubernetes, yaml, python

## Rules by Language

### Go (3 rules)

- **Echo Running Without TLS** [HIGH]: Echo server running over HTTP instead of HTTPS.
  - Remediation: Use StartTLS with certificate files for HTTPS.

```go
e := echo.New()
e.StartTLS(":443", "cert.pem", "key.pem")
```

Learn more: https://shoulder.dev/learn/go/cwe-319/tls-config
- **Fiber Running Without TLS** [HIGH]: Fiber server running over HTTP instead of HTTPS.
  - Remediation: Use ListenTLS with certificate files for HTTPS.

```go
app := fiber.New()
app.ListenTLS(":443", "cert.pem", "key.pem")
```

Learn more: https://shoulder.dev/learn/go/cwe-319/tls-config
- **Gin Running Without TLS** [LOW]: Gin server running over HTTP instead of HTTPS.
  - Remediation: Use RunTLS with certificate files for HTTPS.

```go
r := gin.Default()
r.RunTLS(":443", "cert.pem", "key.pem")
```

Learn more: https://shoulder.dev/learn/go/cwe-319/tls-config