Detail

Basic Authorization over HTTP

Severity: High

Summary

Netsparker identified that the application is using basic authentication over HTTP.

Basic authentication sends username and password in plain text. Generally, using basic authentication is not a good solution.

Impact
If an attacker can intercept traffic on the network, he/she might be able to steal the user's credentials.
Actions To Take

Move all of your directories which require authentication to be served only over HTTPS, and disable any access to these pages over HTTP.

Classifications
PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6, OWASP 2017-A3 , CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Netsparker Security Insights
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

Tags

HTTP 

Related Vulnerabilities

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO

RESOURCES

USE CASES

WEB SECURITY

COMPANY

Netsparker Ltd

  • 220 Industrial Blvd Ste 102
    Austin, TX 78745
  • USA Office: +1 415 877 4450
  • UK Office: +44 (0)20 3588 3840
Copyright © 2019 Netsparker Ltd. All rights reserved.
Privacy Policy | Data Protection Policy | Sitemap