Basic Authentication Over HTTP

Impact: Medium

Description

Using Basic Authentication over HTTP exposes user credentials to interception by attackers who can sniff and capture HTTP traffic. This authentication method sends credentials in Base64 encoding, which is an encoding rather than encryption and can be easily decoded into plaintext.

Recommendation

To enhance security, enforce the use of HTTPS (HTTP over TLS/SSL) to encrypt communication between clients and the server, ensuring confidentiality and integrity of user credentials.
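
One way to check recorded traffic for this issue, as an added example (not SmartScanner's code): it flags exchanges where a Basic challenge or a Basic `Authorization` header crosses plain HTTP, and reports only the user name. The exchange dictionary layout, the host `app.example.test` and the account are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit

def decode_basic(header_value):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    # RFC 7617: the user-id cannot contain ':', so split on the first one.
    user, sep, password = raw.decode("utf-8", errors="replace").partition(":")
    return (user, password) if sep else None

def offers_basic(www_authenticate):
    """True if a challenge in a WWW-Authenticate value uses the Basic scheme."""
    for part in www_authenticate.split(","):
        words = part.strip().split(None, 1)
        # Auth-params contain '='; a scheme name is a bare token.
        if words and "=" not in words[0] and words[0].lower() == "basic":
            return True
    return False

def audit(exchanges):
    """Return findings for exchanges where Basic auth crosses plaintext HTTP."""
    findings = []
    for ex in exchanges:
        if urlsplit(ex["url"]).scheme.lower() != "http":
            continue  # TLS protects the header in transit
        req = {k.lower(): v for k, v in ex.get("request_headers", {}).items()}
        resp = {k.lower(): v for k, v in ex.get("response_headers", {}).items()}
        creds = decode_basic(req.get("authorization", ""))
        if creds:  # report the user name only, never the recovered password
            findings.append((ex["url"], "credentials sent in cleartext", creds[0]))
        elif offers_basic(resp.get("www-authenticate", "")):
            findings.append((ex["url"], "Basic auth requested over HTTP", None))
    return findings

# Constructed sample exchanges (hypothetical host and account).
TOKEN = base64.b64encode(b"alice:example-password").decode()
SAMPLE = [
    {"url": "http://app.example.test/admin", "response_headers": {"WWW-Authenticate": 'Basic realm="admin"'}},
    {"url": "http://app.example.test/admin", "request_headers": {"Authorization": "Basic " + TOKEN}},
    {"url": "https://app.example.test/admin", "request_headers": {"Authorization": "Basic " + TOKEN}},
    {"url": "http://app.example.test/api", "response_headers": {"www-authenticate": 'Bearer realm="api"'}},
]
if __name__ == "__main__": print(audit(SAMPLE))
```

The same credentials sent to the `https://` URL produce no finding, which is the state the recommendation aims for.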

Last updated on May 13, 2024