Basic Authentication over Clear Text | Weak Authentication Configuration
Netsparker identified that the application is using basic authentication over HTTP.
Basic authentication sends the username and password in plain text: the credentials are only Base64-encoded, not encrypted. Generally, using basic authentication is not a good solution.
If an attacker can intercept traffic on the network, they might be able to steal the user's credentials.
Actions to Take
- See the remedy for the solution.
- Move all of your directories which require authentication to be served only over HTTPS, and disable any access to these pages over HTTP.
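A way to verify the finding and the fix, as an added example that is not part of the original advisory or the scanner's own code: it shows that a Basic Authorization header decodes straight back to the credentials, and classifies responses from a protected path by whether the Basic challenge is served over HTTP. The host name, credentials and the FAIL/OK/NO_BASIC labels are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit

def decode_basic(authorization):
    """Return (user, password) from a Basic Authorization value, else None."""
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None

def offers_basic(headers):
    """True if any WWW-Authenticate header offers the Basic scheme."""
    for name, value in headers:
        if name.lower() == "www-authenticate":
            # One header may carry several comma-separated challenges.
            if any(p.strip().lower().split(" ")[0] == "basic" for p in value.split(",")):
                return True
    return False

def audit(url, status, headers):
    """Classify one response from a path that requires authentication."""
    scheme = urlsplit(url).scheme.lower()
    if status == 401 and offers_basic(headers):
        return "FAIL" if scheme == "http" else "OK"
    location = {k.lower(): v for k, v in headers}.get("location", "")
    if scheme == "http" and 300 <= status < 400 and location.lower().startswith("https://"):
        return "OK"  # redirected to HTTPS before any challenge was issued
    return "NO_BASIC"

# Constructed samples (hypothetical host and credentials).
SAMPLE_AUTH = "Basic " + base64.b64encode(b"alice:s3cret").decode("ascii")
SAMPLES = [
    ("http://intranet.example/admin/", 401, [("WWW-Authenticate", 'Basic realm="admin"')]),
    ("https://intranet.example/admin/", 401, [("WWW-Authenticate", 'Basic realm="admin"')]),
    ("http://intranet.example/admin/", 301, [("Location", "https://intranet.example/admin/")]),
]

if __name__ == "__main__":
    print("recovered from header:", decode_basic(SAMPLE_AUTH))
    for url, status, headers in SAMPLES:
        print(audit(url, status, headers), status, url)
```

A redirect only protects clients that wait for the challenge; a client that sends credentials preemptively to the HTTP URL still exposes them, which is why the HTTP listener should not serve these paths at all.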