Web Server Uses Basic Authentication Without HTTPS

low Nessus Plugin ID 34850

Synopsis

The remote web server seems to transmit credentials in cleartext.

Description

The remote web server contains web pages that are protected by 'Basic' authentication over cleartext.

An attacker eavesdropping the traffic might obtain logins and passwords of valid users.

Solution

Make sure that HTTP authentication is transmitted over HTTPS.

Plugin Details

Severity: Low

ID: 34850

File Name: www_basic_authentication.nasl

Version: Revision: 1.17

Type: remote

Family: Web Servers

Published: 11/21/2008

Updated: 11/29/2016

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Reference Information

CWE: 319, 928, 930, 934