Basic Authentication Over HTTP
Impact: Medium
Description
HTTP traffic can often be sniffed and captured by an attacker who has access to a network interface. In HTTP basic authentication, user credentials are sent in Base64 encoding which, can easily be decoded into plain text.
Recommendation
Enforce using HTTPS.
References
👉 You might also like:
Password Sent Over HTTP - Vulnerability
Password Input on HTTP - Vulnerability
Password Sent in HTTP Query - Vulnerability
No Redirection from HTTP to HTTPS - Vulnerability
Last updated on February 15, 2021