Basic authentication over HTTP

Description

In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent to provide a user name and password when making a request.

This directory is protected using Basic Authentication over an HTTP connection. With Basic Authentication the user credentials are sent as cleartext (Base64-encoded, not encrypted), and because HTTPS is not used, they are vulnerable to packet sniffing.

Remediation

Use Basic Authentication over an HTTPS connection.
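
An added example (not part of the original advisory): a Python check that shows why a Basic Authorization header counts as cleartext and flags responses that still issue a Basic challenge over plain HTTP, which is useful for confirming the remediation. The host names, credentials and response records are constructed sample data, and the function names are hypothetical.

```python
import base64
import re
from urllib.parse import urlsplit

def decode_basic(authorization):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # Base64 is an encoding, not encryption: no key is needed to reverse it.
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers malformed Base64 and invalid UTF-8
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None

def offers_basic(www_authenticate_values):
    """True if any WWW-Authenticate header value carries a Basic challenge."""
    for value in www_authenticate_values:
        # Blank out quoted strings so a realm containing "basic" or a comma
        # cannot be mistaken for a separate challenge.
        unquoted = re.sub(r'"[^"]*"', '""', value)
        for part in unquoted.split(","):
            words = part.split()
            if words and words[0].lower() == "basic":
                return True
    return False

def basic_over_http(responses):
    """Return URLs that answer 401 with a Basic challenge over plain HTTP."""
    return [url for url, status, challenges in responses
            if urlsplit(url).scheme.lower() == "http"
            and status == 401 and offers_basic(challenges)]

# Constructed sample data: (URL, status code, WWW-Authenticate header values).
SAMPLE_RESPONSES = [
    ("http://intranet.example/admin/", 401, ['Basic realm="Admin"']),
    ("https://intranet.example/admin/", 401, ['Basic realm="Admin"']),
    ("http://intranet.example/api/", 401, ['Digest realm="basic, zone", nonce="abc"']),
    ("http://intranet.example/public/", 200, []),
]
# Constructed header, as it would appear on the wire without TLS.
SAMPLE_AUTH = "Basic " + base64.b64encode(b"alice:constructed-password").decode()

if __name__ == "__main__":
    print("recovered from header:", decode_basic(SAMPLE_AUTH))
    print("still exposed:", basic_over_http(SAMPLE_RESPONSES))
```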

Tags
  • Weak Crypto