Basic Authentication Without HTTPS

Medium | Web App Scanning | Plugin ID 98615

Synopsis

Basic Authentication Without HTTPS

Description

The remote web server contains web pages that are protected by 'Basic' authentication served over cleartext HTTP.

An attacker eavesdropping on the traffic might obtain the logins and passwords of valid users.

Solution

Make sure that HTTP authentication is transmitted over HTTPS.
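To verify the fix across a site, the following added example (not Tenable's plugin logic) scans recorded responses and reports any URL that still offers a 'Basic' challenge over plain HTTP. The function names, the `(url, headers)` record shape and the sample hosts are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def challenge_schemes(header_value):
    """Return the lower-cased auth schemes offered in one WWW-Authenticate value."""
    # Drop quoted strings first: a realm may itself contain commas or the word "Basic".
    text = re.sub(r'"(?:\\.|[^"\\])*"', '', header_value)
    # Tolerate optional whitespace around '=' in auth-params.
    text = re.sub(r'\s*=\s*', '=', text)
    schemes = []
    for part in text.split(','):
        words = part.split()
        # A part that starts with key=value is a parameter of the previous challenge;
        # anything else starts a new challenge, and its first word is the scheme.
        if words and '=' not in words[0]:
            schemes.append(words[0].lower())
    return schemes

def cleartext_basic(responses):
    """Return URLs that offer Basic authentication over plain HTTP."""
    findings = []
    for url, headers in responses:
        if urlsplit(url).scheme.lower() != 'http':
            continue  # a challenge sent over HTTPS is not this finding
        offered = [scheme
                   for name, value in headers
                   if name.lower() == 'www-authenticate'
                   for scheme in challenge_schemes(value)]
        if 'basic' in offered:
            findings.append(url)
    return findings

# Constructed sample data: hypothetical hosts and header values.
SAMPLE_RESPONSES = [
    ("http://intranet.example.test/admin",
     [("WWW-Authenticate", 'Basic realm="Admin, staff only"')]),
    ("https://intranet.example.test/admin",
     [("WWW-Authenticate", 'Basic realm="Admin"')]),
    ("http://api.example.test/v1",
     [("www-authenticate", 'Bearer realm="api"')]),
    ("http://legacy.example.test/",
     [("WWW-Authenticate", 'Digest realm="x, Basic y", nonce="abc", BASIC realm="legacy"')]),
    ("http://sso.example.test/",
     [("WWW-Authenticate", 'Digest realm="Basic area", nonce="abc"')]),
]

if __name__ == "__main__":
    for url in cleartext_basic(SAMPLE_RESPONSES):
        print("Basic challenge over cleartext HTTP:", url)
```

An empty result after remediation means none of the recorded HTTP responses still advertises Basic; endpoints that were never requested are not covered.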

See Also

https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication

Plugin Details

Severity: Medium

ID: 98615

Type: remote

Published: 6/3/2019

Updated: 11/26/2021

Scan Template: api, basic, full, overview, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Low

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Vulnerability Information

Exploit Available: true

Vulnerability Publication Date: 11/21/2008

Reference Information