Description
Using Basic Authentication over HTTP exposes user credentials to potential interception by attackers who can sniff and capture HTTP traffic. This authentication method sends credentials in Base64 encoding, which can be easily decoded into plaintext.
Test for Basic Authentication Over HTTP Vulnerability with SmartScanner
Donwload FREE!Recommendation
To enhance security, enforce the use of HTTPS (HTTP over TLS/SSL) to encrypt communication between clients and the server, ensuring confidentiality and integrity of user credentials.
References
Related Issues
- Password Sent Over HTTP - Vulnerability
- Password Input on HTTP - Vulnerability
- Password Sent in HTTP Query - Vulnerability
- No Redirection from HTTP to HTTPS - Vulnerability
- Tags:
- Authentication
- Encryption
- SSL/TLS
Anything's wrong? Let us know Last updated on May 13, 2024