---
name: cwe-319-cleartext-transmission
description: Use this skill when you need to remediate CWE-319 (Cleartext Transmission of Sensitive Information) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing cleartext transmission of sensitive information issues.
version: 1.0.0
license: MIT
tags:
  - security
  - java
  - cwe-319
  - remediation
  - sast
---
# CWE-319 Cleartext Transmission of Sensitive Information

## Description

The application sends sensitive data (credentials, session tokens, API keys, personal data) over a channel that does not encrypt or authenticate it, so anyone who can observe the network path can read the data, and usually also alter it.

Reference: https://cwe.mitre.org/data/definitions/319.html
OWASP Category: A02:2021 – Cryptographic Failures
## Vulnerable Pattern

### ❌ Example 1: Vulnerable Pattern

```java
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.Socket;
import java.net.URL;

// VULNERABLE: HTTP instead of HTTPS; the request and response cross the network in the clear
URL url = new URL("http://api.example.com/users");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();

// VULNERABLE: plain TCP socket; nothing encrypts or authenticates the stream
Socket socket = new Socket("server.com", 80);
OutputStream out = socket.getOutputStream();
out.write(sensitiveData.getBytes()); // e.g. a token or password, sent as plaintext bytes
```

Why it's vulnerable: `http://` and a plain `Socket` carry every byte unencrypted and unauthenticated. Anyone on the network path (shared Wi-Fi, a compromised router, a hostile or corporate proxy) can read the credentials, tokens and personal data in the request, and can modify the response on the way back. A server-side redirect from HTTP to HTTPS does not help: the first request, including any `Authorization` header or body, has already been sent in the clear by the time the redirect arrives.
## Deterministic Fix

### ✅ Example 1: Secure Implementation

```java
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// SECURE: Use HTTPS. HttpsURLConnection validates the certificate chain against the
// JDK trust store and checks the hostname with the default HostnameVerifier on its own;
// do not override that verifier (a lambda that returns true disables the check).
URL url = new URL("https://api.example.com/users");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();

// SECURE: Use an SSL socket. Unlike HttpsURLConnection, a raw SSLSocket does NOT verify
// the hostname unless endpoint identification is switched on, so set it before the handshake.
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) factory.createSocket("server.com", 443);
SSLParameters params = socket.getSSLParameters();
params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"}); // TLS 1.2+ only
params.setEndpointIdentificationAlgorithm("HTTPS");       // RFC 2818 hostname verification
socket.setSSLParameters(params);
socket.startHandshake(); // a bad certificate or hostname fails here, before any data is written
```

Why it's secure: TLS encrypts and integrity-protects the stream, and the certificate check binds the connection to the server named in the URL or host argument. Limiting the enabled versions to TLS 1.2 and 1.3 removes downgrade to protocol versions with known weaknesses, and endpoint identification (`HTTPS`) on the raw `SSLSocket` closes the gap where a valid certificate issued for a different host would otherwise be accepted. The fix only holds while certificate validation stays on: an accept-all `TrustManager` or a `HostnameVerifier` that returns `true` reintroduces an interception path (CWE-295) even though the traffic is encrypted.
## Detection Pattern

Look for these patterns in your codebase:

```bash
# Find cleartext HTTP URLs. "http://" does not match "https://" (the "s" sits between
# "http" and "://"), so no extra filter is needed.
grep -rn "http://" --include="*.java" .

# Endpoint URLs also live in configuration, which the *.java filter misses.
grep -rn "http://" --include="*.properties" --include="*.yml" --include="*.yaml" --include="*.xml" .

# Find plain TCP sockets, constructed directly or obtained from the default factory.
grep -rn -e "new Socket(" -e "new ServerSocket(" --include="*.java" .
grep -rn "SocketFactory.getDefault()" --include="*.java" . | grep -v "SSLSocketFactory"
```

These greps are a starting point, not proof of absence: a URL built from a `String.format` template, a scheme read from an environment variable, or a third-party HTTP client configured with a hostname and port will not match. Treat every outbound connection as a candidate until its transport is confirmed.
## Remediation Steps

1. Replace all `http://` URLs with `https://`, including those in configuration files and hard-coded defaults.
2. Replace `new Socket(...)` with an `SSLSocket` obtained from an `SSLSocketFactory`, and call `startHandshake()` before writing sensitive data so a failed certificate check surfaces first.
3. Restrict the enabled protocols to TLS 1.2 and 1.3 with `SSLParameters.setProtocols` (or the `jdk.tls.client.protocols` system property for a JVM-wide policy).
4. Enable hostname verification: keep the default `HostnameVerifier` on `HttpsURLConnection`, and call `setEndpointIdentificationAlgorithm("HTTPS")` on every `SSLSocket`.
5. Never "make it work" by installing an accept-all `TrustManager` or a `HostnameVerifier` that returns `true`; if the server's certificate is not trusted, fix the trust store or the certificate instead.
## Key Imports

```java
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
```
## Verification

After remediation:

1. Run the SAST scanner to confirm the finding is resolved.
2. Review all instances of the vulnerable pattern, not only the one that was reported.
3. Add unit tests that assert the transport policy without network access: the URL scheme is `https`, the enabled protocols are TLS 1.2/1.3 only, and endpoint identification is set on every `SSLSocket`.
4. Check for similar patterns in related code: other HTTP clients, message brokers, mail and database connection URLs.
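The remediation steps above and the unit-test item under Verification, worked through as one added example. This is not the skill's own code: it needs JDK 11+ (it uses `java.net.http.HttpClient` in place of `HttpsURLConnection` because the client accepts the same `SSLParameters` object directly), and the class name, method names and the example hosts are illustrative.

```java
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * Added example (not part of the skill): one class owns the outbound TLS policy
 * (TLS 1.2+, the JDK trust store, hostname verification) so callers cannot fall
 * back to a plain Socket or an http:// URL by accident. Names are illustrative.
 */
public final class SecureTransport {
    /** Only these protocol versions are ever enabled. */
    static final String[] PROTOCOLS = {"TLSv1.3", "TLSv1.2"};

    private static final SSLContext CONTEXT = defaultContext();

    private SecureTransport() {}

    private static SSLContext defaultContext() {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            // null managers = the JDK default trust store; never an accept-all TrustManager
            ctx.init(null, null, null);
            return ctx;
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("TLS is not available", e);
        }
    }

    /** Applies the policy to a parameter object taken from a socket or context. */
    static SSLParameters harden(SSLParameters p) {
        p.setProtocols(PROTOCOLS);
        // "HTTPS" = RFC 2818 matching of the server certificate against the host name.
        // A raw SSLSocket skips this entirely unless it is switched on here.
        p.setEndpointIdentificationAlgorithm("HTTPS");
        return p;
    }

    /** Drop-in for new Socket(host, port): the handshake completes before any data can be written. */
    public static SSLSocket connect(String host, int port) throws IOException {
        SSLSocketFactory factory = CONTEXT.getSocketFactory();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSSLParameters(harden(socket.getSSLParameters()));
        socket.startHandshake(); // SSLHandshakeException on a bad chain or hostname mismatch
        return socket;
    }

    /** Drop-in for URL.openConnection() + read: refuses any scheme other than https. */
    public static HttpResponse<String> get(String url) throws IOException, InterruptedException {
        URI target = requireHttps(url);
        HttpClient client = HttpClient.newBuilder()
                .sslContext(CONTEXT)
                .sslParameters(harden(CONTEXT.getDefaultSSLParameters()))
                .build();
        HttpRequest request = HttpRequest.newBuilder(target).GET().build();
        return client.send(request, HttpResponse.BodyHandlers.ofString());
    }

    /** Guard used by get(): an http:// URL is a bug, not a fallback. */
    static URI requireHttps(String url) {
        URI uri = URI.create(url);
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("cleartext URL refused: " + url);
        }
        return uri;
    }

    /** Offline self-check, suitable for a unit test: no network connection is opened. */
    public static void main(String[] args) throws IOException {
        // An unconnected socket is enough to inspect the parameters the policy produces.
        SSLSocket probe = (SSLSocket) CONTEXT.getSocketFactory().createSocket();
        probe.setSSLParameters(harden(probe.getSSLParameters()));
        Set<String> enabled = new HashSet<>(Arrays.asList(probe.getEnabledProtocols()));
        if (!enabled.equals(new HashSet<>(Arrays.asList(PROTOCOLS)))) {
            throw new AssertionError("enabled protocols: " + enabled);
        }
        if (!"HTTPS".equals(probe.getSSLParameters().getEndpointIdentificationAlgorithm())) {
            throw new AssertionError("hostname verification not enabled on SSLSocket");
        }
        try {
            requireHttps("http://api.example.com/users"); // example host, constructed input
            throw new AssertionError("cleartext URL was accepted");
        } catch (IllegalArgumentException expected) {
            // the guard rejected the http:// URL, as intended
        }
        System.out.println("transport policy OK: " + enabled + ", endpoint identification HTTPS");
    }
}
```

`java SecureTransport.java` runs the self-check with the JDK 11 source launcher; application code calls `connect` and `get` instead of `new Socket(...)` and `new URL("http://...")`. The self-check is deliberately offline: it inspects the parameters a freshly created socket ends up with, which is exactly the place where the default `SSLSocket` has no endpoint identification set, so removing the `harden` call makes the check fail.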
## Trigger Examples

- Fix CWE-319 vulnerability
- Resolve Cleartext Transmission of Sensitive Information issue
- Secure this Java code against cleartext transmission of sensitive information
- SAST reports CWE-319
## Common Vulnerable Locations

| Layer | Files | Patterns |
|---|---|---|
| Controller | *Controller.java | Outbound calls to other services made while handling a request |
| Service | *Service.java | HTTP clients and sockets that talk to external APIs |
| Repository | *Repository.java | Connection URLs for databases, caches and message brokers with TLS off or optional |
## References

Source: Generated by Java CWE Security Skills Generator
Last Updated: 2026-03-07