Description
Using Basic Authentication over HTTP exposes user credentials to potential interception by attackers who can sniff and capture HTTP traffic. This authentication method sends credentials in Base64 encoding, which can be easily decoded into plaintext.
Recommendation
To enhance security, enforce the use of HTTPS (HTTP over TLS/SSL) to encrypt communication between clients and the server, ensuring confidentiality and integrity of user credentials.
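One way to check recorded traffic or proxy logs for this issue, as an added example that is not SmartScanner's own code: it flags exchanges where Basic credentials are requested or sent over plain HTTP and shows that the Base64 token decodes directly to the user name and password. The host names, credentials and the tuple layout of the exchanges are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import urlsplit

# Constructed sample data (not real traffic): (URL, request headers, response headers).
# Header names are assumed to be already normalised to this capitalisation.
_TOKEN = base64.b64encode(b"alice:s3cr3t").decode()
SAMPLE_EXCHANGES = [
    ("http://intranet.example/admin", {}, {"WWW-Authenticate": 'Basic realm="Admin"'}),
    ("http://intranet.example/admin", {"Authorization": "Basic " + _TOKEN}, {}),
    ("https://intranet.example/admin", {"Authorization": "Basic " + _TOKEN}, {}),
    ("http://intranet.example/api", {"Authorization": "Bearer abc.def.ghi"}, {}),
]

def decode_basic(value):
    """Return (user, password) from an Authorization value, or None if not valid Basic."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None

def offers_basic(www_authenticate):
    """True if any challenge in a WWW-Authenticate value uses the Basic scheme."""
    # Simplification: splits on commas, so a quoted realm containing ", Basic" would mislead it.
    return any(p.strip().lower().split(" ")[0] == "basic" for p in www_authenticate.split(","))

def audit(exchanges):
    """Flag plaintext-HTTP exchanges that request or carry Basic credentials."""
    findings = []
    for url, req, resp in exchanges:
        if urlsplit(url).scheme.lower() != "http":
            continue  # over HTTPS the header is encrypted in transit
        creds = decode_basic(req.get("Authorization", ""))
        if creds:
            # Report the user name only; never copy the password into a report.
            findings.append((url, "Basic credentials sent over HTTP", creds[0]))
        elif offers_basic(resp.get("WWW-Authenticate", "")):
            findings.append((url, "server requests Basic auth over HTTP", None))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXCHANGES):
        print(finding)
```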
References
- Wikipedia: Basic access authentication
- OWASP: Transport Layer Protection Cheat Sheet
- CWE-319
- OWASP 2021-A2
Related Issues
- Password Sent in HTTP Query - Vulnerability
- Password Input on HTTP - Vulnerability
- Password Sent Over HTTP - Vulnerability
- TLS 1.0 enabled - Vulnerability
Tags: Authentication, Encryption, SSL/TLS
Last updated on May 13, 2024