Summary

Netsparker identified that the application is using basic authentication over HTTP.

Basic authentication sends the username and password in plain text. Generally, using basic authentication is not a good solution.

Impact
If an attacker can intercept traffic on the network, they might be able to steal the user's credentials.
Actions To Take

Move all of your directories which require authentication to be served only over HTTPS, and disable any access to these pages over HTTP.
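
To check that the remediation holds, recorded traffic can be audited for Basic challenges or Basic credentials that still travel over plain HTTP. The following is an added example, not part of the original advisory or of Netsparker's code; the record layout (`url`, `www_authenticate`, `authorization`), the issue labels and the sample traffic are constructed for illustration. It also shows why the header counts as plain text: the Basic token is only Base64-encoded, so the username is recovered with a single decode.

```python
import base64
import binascii
from urllib.parse import urlsplit

def basic_user(authorization):
    """Return the username carried in a Basic Authorization header, or None."""
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token: nothing to report
    user, sep, _password = decoded.partition(":")  # password is deliberately discarded
    return user if sep else None

def audit(transactions):
    """Flag transactions where Basic auth is offered or used over plain HTTP."""
    findings = []
    for t in transactions:
        if urlsplit(t["url"]).scheme.lower() != "http":
            continue  # HTTPS protects the header in transit
        # Simplification: one challenge per header value; the scheme is its first token.
        offered = [v.split(None, 1)[0].lower()
                   for v in t.get("www_authenticate", []) if v.strip()]
        if "basic" in offered:
            findings.append((t["url"], "basic-challenge-over-http", None))
        user = basic_user(t.get("authorization", ""))
        if user is not None:
            findings.append((t["url"], "basic-credentials-over-http", user))
    return findings

# Constructed sample traffic (hypothetical hosts and credentials, not from the page).
SAMPLE = [
    {"url": "http://intranet.example/admin/", "www_authenticate": ['Basic realm="admin"']},
    {"url": "http://intranet.example/admin/",
     "authorization": "Basic " + base64.b64encode(b"alice:s3cret").decode()},
    {"url": "https://intranet.example/admin/", "www_authenticate": ['Basic realm="admin"']},
    {"url": "http://intranet.example/api/", "www_authenticate": ['Bearer realm="api"']},
]

if __name__ == "__main__":
    for url, issue, user in audit(SAMPLE):
        print(issue, url, f"user={user}" if user else "")
```

An empty result after the move to HTTPS means no protected path still answers or accepts Basic authentication over HTTP in the audited traffic.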

Classifications
PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N