Basic Authentication Over HTTP

Impact: Medium

Description

HTTP traffic can often be sniffed and captured by an attacker who has access to a network interface. In HTTP basic authentication, user credentials are sent in Base64 encoding which, can easily be decoded into plain text.

Recommendation

Enforce using HTTPS.

References

Wikipedia: Basic access authentication
CWE-319
OWASP 2017-A3
OWASP 2021-A2

👉 You might also like:

Password Sent Over HTTP - Vulnerability

Password Input on HTTP - Vulnerability

Password Sent in HTTP Query - Vulnerability

No Redirection from HTTP to HTTPS - Vulnerability

Last updated on February 15, 2021

Basic Authentication Over HTTP

Description

Recommendation

References

Use SmartScanner Free version to test for this issue