Summary

Acunetix 360 identified that the application is using basic authentication over HTTP.

Basic authentication sends the username and password in plain text. In general, basic authentication is not a good solution.

Impact

If an attacker can intercept traffic on the network, they might be able to steal the user's credentials.

Actions To Take

Move all of your directories which require authentication to be served only over HTTPS, and disable any access to these pages over HTTP.
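
An added example (not Acunetix 360's own code) of a check for this finding: it scans captured request and response headers and flags any http:// URL that offers a Basic challenge or receives Basic credentials, decoding the username to show that the header is only Base64-encoded and which accounts are affected. The observation tuple format, host names, realm and account are assumptions constructed for the illustration.

```python
import base64
import re
from urllib.parse import urlsplit

# Simple match for the Basic scheme at the start of a challenge (case-insensitive).
BASIC = re.compile(r"(?:^|,)\s*basic(?:\s|$)", re.I)

def header_values(headers, name):
    return [v for k, v in headers if k.lower() == name]

def exposed_user(authorization):
    """Return the username from an 'Authorization: Basic' value, or None."""
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    return decoded.partition(":")[0]  # Base64 is an encoding: no key is needed

def audit(observations):
    """Flag cleartext (http://) URLs that offer or receive Basic credentials."""
    findings = []
    for url, req_headers, resp_headers in observations:
        if urlsplit(url).scheme.lower() != "http":
            continue  # HTTPS protects the header in transit
        if any(BASIC.search(v) for v in header_values(resp_headers, "www-authenticate")):
            findings.append((url, "Basic challenge offered over HTTP"))
        for value in header_values(req_headers, "authorization"):
            user = exposed_user(value)
            if user is not None:
                findings.append((url, f"credentials for '{user}' sent over HTTP"))
    return findings

# Constructed sample traffic (hosts, realm and account are made up).
SAMPLE = [
    ("http://intranet.example/admin/", [], [("WWW-Authenticate", 'Basic realm="Admin"')]),
    ("https://intranet.example/admin/", [], [("WWW-Authenticate", 'Basic realm="Admin"')]),
    ("http://intranet.example/reports/",
     [("Authorization", "Basic " + base64.b64encode(b"alice:s3cret").decode())], []),
    ("http://intranet.example/api/", [], [("www-authenticate", 'Digest realm="x", BASIC realm="y"')]),
    ("http://intranet.example/", [], []),
]

if __name__ == "__main__":
    for url, issue in audit(SAMPLE):
        print(f"{url}: {issue}")
```

Any account reported as sent over HTTP should have its password changed once the directory is served only over HTTPS.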

Severity

High

Classification

PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N