Web Server Uses Basic Authentication over HTTPS

Nessus Plugin ID 51080 (Info)

Synopsis

The remote web server seems to transmit credentials using Basic Authentication.

Description

The remote web server contains web pages that are protected by 'Basic' authentication over HTTPS.

While this is not in itself a security flaw, some organizations discourage the use of 'Basic' authentication because, depending on the underlying implementation, it may be vulnerable to account brute-forcing or may encourage man-in-the-middle (MitM) attacks.

Solution

Make sure that the use of HTTP 'Basic' authentication is in line with your organization's security policy.
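To support that policy review, the following added example (not part of the Nessus plugin or its code) parses captured WWW-Authenticate header values and lists the URLs that offer a 'Basic' challenge, including headers that carry several challenges in one value. It goes slightly beyond the plugin's HTTPS case by also labelling non-HTTPS URLs; the function names, sample hosts and realms are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PARAM = re.compile(rf"^({TOKEN})\s*=\s*(.*)$", re.S)
SCHEME = re.compile(rf"^({TOKEN})(?:\s+(.*))?$", re.S)
PIECE = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')  # split on commas outside quotes

def unquote(v):
    v = v.strip()
    return re.sub(r"\\(.)", r"\1", v[1:-1]) if len(v) > 1 and v[0] == v[-1] == '"' else v

def parse_challenges(value):
    """Return [(scheme, {param: value})] for one WWW-Authenticate value."""
    challenges = []
    for part in (p.strip() for p in PIECE.findall(value)):
        m = PARAM.match(part)
        if m and challenges:  # auth-param continuing the previous challenge
            challenges[-1][1][m.group(1).lower()] = unquote(m.group(2))
            continue
        m = SCHEME.match(part)
        if not m:
            continue
        params, pm = {}, PARAM.match((m.group(2) or "").strip())
        if pm and pm.group(2).strip("="):  # ignore token68 blobs such as "abc=="
            params[pm.group(1).lower()] = unquote(pm.group(2))
        challenges.append((m.group(1), params))
    return challenges

def audit(responses):
    """responses: iterable of (url, [WWW-Authenticate values]) pairs."""
    findings = []
    for url, values in responses:
        transport = "https" if urlsplit(url).scheme.lower() == "https" else "cleartext"
        for value in values:
            for scheme, params in parse_challenges(value):
                if scheme.lower() == "basic":  # scheme names are case-insensitive
                    findings.append((url, params.get("realm"), transport))
    return findings

# Constructed sample responses (hosts and realms are made up for this example).
SAMPLE = [
    ("https://intranet.example/admin/", ['Negotiate, Basic realm="Admin, staff only"']),
    ("https://intranet.example/api/", ['Bearer realm="api"']),
    ("http://printer.example/", ["basic realm=printer"]),
    ("https://intranet.example/reports/",
     ['Digest realm="r", nonce="abc", qop="auth"', 'Basic realm="r"']),
]
```

Calling `audit(SAMPLE)` returns one `(url, realm, transport)` tuple per 'Basic' challenge, which can be compared against the list of endpoints the policy permits.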

Plugin Details

Severity: Info

ID: 51080

File Name: www_https_basic_authentication.nasl

Version: 1.3

Type: remote

Family: Web Servers

Published: 12/8/2010

Updated: 3/18/2011

Supported Sensors: Nessus