Summary
The Apache Doris Go SDK HTTP client hardcodes InsecureSkipVerify: true in its default transport. All SDK API calls — including those with authentication — transmit credentials over unverified TLS.
Impact
Doris database credentials exposed to MITM on any Go SDK client connection.
Remediation
Enable TLS verification by default. Full report available.
Summary
The Apache Doris Go SDK HTTP client hardcodes
InsecureSkipVerify: truein its default transport. All SDK API calls — including those with authentication — transmit credentials over unverified TLS.Impact
Doris database credentials exposed to MITM on any Go SDK client connection.
Remediation
Enable TLS verification by default. Full report available.