Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Basic Authorization over HTTP

Severity: High
Summary#

Invicti identified that the application is using basic authentication over HTTP.

Basic authentication sends username and password in plain text. Generally, using basic authentication is not a good solution.

Impact#
If an attacker can intercept traffic on the network, he/she might be able to steal the user's credentials.
Actions To Take#

Move all of your directories which require authentication to be served only over HTTPS, and disable any access to these pages over HTTP.

Classifications#
, , , , , , ,

Select Category

OR

Search Vulnerability

Tags

OWASP 2013-A6 OWASP 2017-A3

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works