Web Server Uses Basic Authentication Without HTTPS
Low Nessus Plugin ID 34850
SynopsisThe remote web server seems to transmit credentials in cleartext.
DescriptionThe remote web server contains web pages that are protected by 'Basic' authentication over cleartext.
An attacker eavesdropping the traffic might obtain logins and passwords of valid users.
SolutionMake sure that HTTP authentication is transmitted over HTTPS.