Basic Authentication Over HTTP
Impact: Medium
Description
Using Basic Authentication over HTTP exposes user credentials to interception by any attacker who can sniff and capture the HTTP traffic. Basic Authentication sends credentials Base64-encoded, and Base64 is an encoding rather than encryption, so captured credentials are easily decoded into plaintext.
Recommendation
Enforce the use of HTTPS (HTTP over TLS/SSL) to encrypt communication between clients and the server, ensuring the confidentiality and integrity of user credentials.
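To find where HTTPS still needs to be enforced, the following added example (not part of the original page) audits captured HTTP messages for Basic credentials or Basic challenges travelling over plain HTTP. The record layout, host names and credentials are constructed for illustration, and the function names are hypothetical.

```python
import base64
import binascii
from urllib.parse import urlsplit

def decode_basic(header_value):
    """Return (user, password) from an Authorization value, or None if not valid Basic."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    user, sep, password = raw.decode("utf-8", errors="replace").partition(":")
    return (user, password) if sep else None

def audit(records):
    """Flag records where Basic credentials or a Basic challenge cross plain HTTP."""
    findings = []
    for rec in records:
        if urlsplit(rec["url"]).scheme.lower() != "http":
            continue  # over HTTPS the header is encrypted in transit
        headers = {k.lower(): v for k, v in rec["headers"].items()}
        creds = decode_basic(headers.get("authorization", ""))
        if creds:
            user, password = creds
            # Report the password length only, so the audit output holds no secret.
            findings.append((rec["url"], "credentials-sent", user, len(password)))
        elif headers.get("www-authenticate", "").lower().startswith("basic"):
            findings.append((rec["url"], "basic-challenge", None, 0))
    return findings

# Constructed sample records (assumed layout: one URL plus its message headers).
TOKEN = base64.b64encode(b"alice:s3cret").decode()
SAMPLE = [
    {"url": "http://intranet.example/admin", "headers": {"Authorization": "Basic " + TOKEN}},
    {"url": "https://intranet.example/admin", "headers": {"Authorization": "Basic " + TOKEN}},
    {"url": "http://intranet.example/reports", "headers": {"WWW-Authenticate": 'Basic realm="reports"'}},
    {"url": "http://intranet.example/api", "headers": {"Authorization": "Bearer abc.def.ghi"}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A `basic-challenge` finding marks an endpoint that invites clients to send credentials in the clear even if none were captured yet.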
Last updated on May 13, 2024