Basic Authorization over HTTP

Severity: High
Summary

Invicti identified that the application is using basic authentication over HTTP.

Basic authentication sends the username and password in plain text, so over HTTP they cross the network unencrypted. Generally, using basic authentication is not a good solution.

Impact

If an attacker can intercept traffic on the network, they might be able to steal the user's credentials.

Actions To Take

Move all of your directories which require authentication to be served only over HTTPS, and disable any access to these pages over HTTP.
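
To verify the fix, the check below flags any response that issues a Basic challenge over plain HTTP, and shows that the credential in an `Authorization: Basic` header is only Base64-encoded. It is an added example, not Invicti's code; the hosts, responses and credential are constructed.

```python
import base64
import re
from urllib.parse import urlsplit

def challenge_schemes(headers):
    """Return the lowercased auth schemes offered in WWW-Authenticate headers."""
    schemes = set()
    for name, value in headers:
        if name.lower() != "www-authenticate":
            continue
        # Blank out quoted strings so a comma inside a realm does not split a challenge.
        value = re.sub(r'"(?:[^"\\]|\\.)*"', '""', value)
        for part in value.split(","):
            words = part.split()
            # A part whose first word has no "=" starts a new challenge (the scheme name).
            if words and "=" not in words[0]:
                schemes.add(words[0].lower())
    return schemes

def decode_basic(authorization):
    """Recover (user, password) from a Basic header value: Base64 is encoding, not encryption."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token.strip()).decode("utf-8").partition(":")
    return user, password

def audit(url, status, headers):
    """Classify one response: FAIL when a Basic challenge is issued over cleartext HTTP."""
    scheme = urlsplit(url).scheme.lower()
    offers_basic = status == 401 and "basic" in challenge_schemes(headers)
    if offers_basic and scheme == "http":
        return "FAIL"  # credentials would cross the network unencrypted
    if offers_basic:
        return "OK"    # challenge is only issued inside TLS
    return "N/A"       # no Basic challenge on this response

# Constructed sample responses (placeholder hosts, not taken from the page).
SAMPLES = [
    ("http://intranet.example/admin/", 401, [("WWW-Authenticate", 'Basic realm="Admin, staff"')]),
    ("https://intranet.example/admin/", 401,
     [("www-authenticate", 'Digest realm="x", nonce="n", Basic realm="Admin"')]),
    ("http://intranet.example/", 200, [("Content-Type", "text/html")]),
]

if __name__ == "__main__":
    for url, status, headers in SAMPLES:
        print(audit(url, status, headers), url)
    print(decode_basic("Basic YWxpY2U6czNjcmV0"))  # constructed credential
```

After remediation, every `http://` URL that previously required authentication should no longer return `FAIL`.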
