Basic Authentication over HTTP
- CAPEC 65
- CWE 319
- WASC 4
- PCI 3.2-6.5.4
- OWASP 2017-A3
This resource is protected using Basic Authentication over an HTTP connection. With Basic Authentication the user credentials are sent as cleartext and because HTTPS is not used, they are vulnerable to packet sniffing.
Remediation
Use Basic Authentication over an HTTPS connection.
References
Go Back to List
Search Vulnerability
You may also see
- Long Redirect Response
- Error Message
- Stack Trace
- Internal Path
- Not Secure Cookie
- Not Http-Only Cookie
- Sensitive Data in Query String
- Sensitive Data over HTTP
- Server Error
- Source Code Disclosure
- Information Leakage
- Web Backdoor
- Database Connection String
- Autocomplete Enabled
- Undefined Content-Type Header
- Missing X-Frame-Options Header
- Mixed Content
- Insecure iFrame
- XPath Injection
- Basic Authentication over HTTP
- Forbidden Resource
- Multiple Choices Enabled
- Apache MultiViews Enabled