Detail

Basic Authorization over HTTP

Severity: High

Summary

Netsparker identified that the application is using basic authentication over HTTP.

Basic authentication sends username and password in plain text. Generally, using basic authentication is not a good solution.

Impact
If an attacker can intercept traffic on the network, he/she might be able to steal the user's credentials.
Actions To Take

Move all of your directories which require authentication to be served only over HTTPS, and disable any access to these pages over HTTP.

Classifications
PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 , CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO

NETSPARKER

WEB SECURITY

COMPANY

Netsparker Ltd

  • United Kingdom, (reg. no. 06947644)
  • USA Office: +1 415 877 4450
  • UK Office: +44 (0)20 3588 3840
  • contact@netsparker.com
Copyright © 2018 Netsparker Ltd. All rights reserved. | Privacy Policy