Vulnerabilities/

Basic Authentication Over HTTP

Severity:: Medium

Description

Using Basic Authentication over HTTP exposes user credentials to potential interception by attackers who can sniff and capture HTTP traffic. This authentication method sends credentials in Base64 encoding, which can be easily decoded into plaintext.

Recommendation

To enhance security, enforce the use of HTTPS (HTTP over TLS/SSL) to encrypt communication between clients and the server, ensuring confidentiality and integrity of user credentials.

References

Wikipedia: Basic access authentication
OWASP: Transport Layer Protection Cheat Sheet
CWE-319

Related Issues

Password Sent Over HTTP - Vulnerability
Password Input on HTTP - Vulnerability
Password Sent in HTTP Query - Vulnerability
No Redirection from HTTP to HTTPS - Vulnerability

Tags:: Authentication; Encryption; SSL/TLS

Anything's wrong? Let us know Last updated on May 13, 2024