Description
In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent to provide a user name and password when making a request.
One or more directories are protected using Basic Authentication over an HTTP connection. With Basic Authentication the user credentials are sent as cleartext and because HTTPS is not used, they are vulnerable to packet sniffing.
Remediation
Use Basic Authentication over an HTTPS connection.
References
Related Vulnerabilities
WordPress Plugin WordPress Social Stream Information Disclosure (1.6)
Insecure transition from HTTPS to HTTP in form post
Insecure transition from HTTP to HTTPS in form post
XWiki Insufficiently Protected Credentials Vulnerability (CVE-2022-41933)
MongoDb Insufficiently Protected Credentials Vulnerability (CVE-2021-32039)