Usage of insecure FTP connection

Description

Using insecure FTP connections can compromise the security of sensitive data. This vulnerability arises when applications that handle sensitive information communicate with FTP servers without secure protocols. Always verify that FTP connections in your application utilize SFTP for enhanced security.

Remediations

  • Do use the FTP_TLS class to establish secure FTP connections. This function ensures that your connection to the FTP server is encrypted, protecting the data transmitted from potential interception or eavesdropping.
    ftp = FTP_TLS("ftp.example.com")

References

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=python_lang_insecure_ftp

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=python_lang_insecure_ftp