Usage of insecure FTP connection

Description

Using insecure FTP connections can compromise the security of sensitive data. This vulnerability arises when applications that handle sensitive information communicate with FTP servers over plain FTP, which transmits credentials and file contents unencrypted. Always verify that FTP connections in your application utilize SFTP for enhanced security.

Remediations

  • Do use the ftp_ssl_connect function to establish secure FTP connections. This function opens an explicit FTP-over-TLS connection, so the data exchanged with the FTP server is encrypted and protected from interception or eavesdropping. It returns false on failure, so check the result before using the connection.
    $ftp = ftp_ssl_connect("ftp.example.com");
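
The flagged call beside a fail-closed replacement, as an added example that is not part of the original rule documentation. The helper name uploadOverTls(), the FTP_HOST, FTP_USER and FTP_PASS environment variables, and the file paths are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Flagged by this rule: plain FTP sends the login and the file unencrypted.
// $ftp = ftp_connect("ftp.example.com");

/**
 * Upload one file over explicit FTP over TLS and fail closed on any error.
 * uploadOverTls() is a hypothetical helper name used only in this example.
 */
function uploadOverTls(string $host, string $user, string $pass, string $local, string $remote): void
{
    // ftp_ssl_connect() exists only when PHP has both the ftp extension and
    // OpenSSL support. If it is missing, stop; never fall back to ftp_connect().
    if (!function_exists('ftp_ssl_connect')) {
        throw new RuntimeException('ftp_ssl_connect() unavailable; refusing plain FTP');
    }

    // Port 21 with a 30 second timeout (the timeout value is an assumption).
    $ftp = ftp_ssl_connect($host, 21, 30);
    if ($ftp === false) {
        throw new RuntimeException("Secure connection to {$host} failed");
    }

    try {
        // ftp_login() raises a warning on failure; test the return value instead.
        if (!@ftp_login($ftp, $user, $pass)) {
            throw new RuntimeException('FTP login failed');
        }
        ftp_pasv($ftp, true); // passive mode must be set after login
        if (!ftp_put($ftp, $remote, $local, FTP_BINARY)) {
            throw new RuntimeException("Upload of {$local} failed");
        }
    } finally {
        ftp_close($ftp); // always release the control connection
    }
}

// Constructed sample invocation: runs only when FTP_HOST is set, and reads the
// credentials from the environment rather than from source code.
$host = getenv('FTP_HOST');
if ($host !== false && $host !== '') {
    uploadOverTls($host, getenv('FTP_USER') ?: '', getenv('FTP_PASS') ?: '', '/tmp/report.csv', 'report.csv');
}
```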

References

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=php_lang_insecure_ftp

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=php_lang_insecure_ftp