Invicti identified that the application is using basic authentication over HTTP.

Basic authentication sends username and password in plain text. Generally, using basic authentication is not a good solution.

If an attacker can intercept traffic on the network, he/she might be able to steal the user's credentials.

Move all of your directories which require authentication to be served only over HTTPS, and disable any access to these pages over HTTP.