
Basic Authentication over Clear Text | Weak Authentication Configuration

Netsparker identified that the application is using basic authentication over HTTP.

Basic authentication sends the username and password in plain text. Generally, basic authentication is not a good solution.

Impact

If an attacker can intercept traffic on the network, they might be able to steal the user's credentials.

Actions to Take

  1. See the remedy for the solution.
  2. Move all directories that require authentication so they are served only over HTTPS, and disable any access to these pages over HTTP.
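
To confirm the finding is gone after the move to HTTPS, the check can be reproduced over recorded responses. The following is an added example, not Netsparker's code: it flags a 401 that offers a Basic challenge on an `http://` URL and shows what an observer reads from the resulting `Authorization` header. The hosts, realms and credentials are constructed sample data, and the function names are hypothetical.

```python
import base64
import re
from urllib.parse import urlsplit

# Scheme names are case-insensitive and one header may list several challenges.
BASIC = re.compile(r'(?:^|,)\s*Basic\b(?:\s+realm="([^"]*)")?', re.IGNORECASE)

def audit(url, status, headers):
    """Return a finding if a 401 offers Basic authentication on a plain-HTTP URL."""
    if urlsplit(url).scheme.lower() != "http" or status != 401:
        return None
    for name, value in headers:
        match = BASIC.search(value) if name.lower() == "www-authenticate" else None
        if match:
            return {"url": url, "realm": match.group(1) or ""}
    return None

def decode_basic(authorization):
    """Recover (user, password) from an 'Authorization: Basic ...' header value."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token.strip()).decode("utf-8")
    user, _, password = decoded.partition(":")  # the user-id cannot contain ':'
    return user, password

# Constructed sample responses: (url, status, headers). Hosts are placeholders.
SAMPLES = [
    ("http://app.example/admin/", 401, [("WWW-Authenticate", 'Basic realm="Admin"')]),
    ("https://app.example/admin/", 401, [("WWW-Authenticate", 'Basic realm="Admin"')]),
    ("http://app.example/api/", 401, [("www-authenticate", 'Negotiate, basic realm="API"')]),
    ("http://app.example/", 200, []),
]

# Constructed header value: Base64 of the sample pair alice / s3cret.
SAMPLE_AUTHORIZATION = "Basic YWxpY2U6czNjcmV0"

def findings(samples=SAMPLES):
    """Audit every recorded response and keep only the flagged ones."""
    return [f for f in (audit(*s) for s in samples) if f]

if __name__ == "__main__":
    for finding in findings():
        print("Basic auth over clear text:", finding["url"], "realm:", finding["realm"])
    print("Readable on the wire:", decode_basic(SAMPLE_AUTHORIZATION))
```

Once access over HTTP is disabled, `findings()` on fresh captures of the same paths should come back empty.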

 

