Description

In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent to provide a user name and password when making a request.

One or more directories are protected using Basic Authentication over an HTTP connection. With Basic Authentication the user credentials are sent as cleartext and because HTTPS is not used, they are vulnerable to packet sniffing.

Remediation

Use Basic Authentication over an HTTPS connection.

References

Basic access authentication

Related Vulnerabilities

Active Mixed Content over HTTPS

MongoDb Insufficiently Protected Credentials Vulnerability (CVE-2021-32039)

Mailman Insufficiently Protected Credentials Vulnerability (CVE-2021-43332)

Telerik Web UI Insufficiently Protected Credentials Vulnerability (CVE-2017-9248)

XWiki Insufficiently Protected Credentials Vulnerability (CVE-2022-41933)

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Sensitive Data Not Over Ssl