Detail

Basic Authorization over HTTP

Severity: High

Summary #

Netsparker identified that the application is using basic authentication over HTTP.

Basic authentication sends username and password in plain text. Generally, using basic authentication is not a good solution.

Impact #
If an attacker can intercept traffic on the network, he/she might be able to steal the user's credentials.
Actions To Take #

Move all of your directories which require authentication to be served only over HTTPS, and disable any access to these pages over HTTP.

Classifications #
PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 , CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

Tags

OWASP 2013-A6  OWASP 2017-A3 

Related Vulnerabilities

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo

Netsparker Ltd
220 Industrial Blvd Ste 102
Austin, TX 78745

© Netsparker 2021, by Invicti

RESOURCES

USE CASES

WEB SECURITY

COMPANY

© Netsparker 2021, by Invicti

Subscription Services Agreement Data Protection Policy Information Security Policy Privacy Policy Sitemap