Web Server Uses Basic Authentication over HTTPS
Info Nessus Plugin ID 51080
Synopsis
The remote web server seems to transmit credentials using Basic Authentication.
Description
The remote web server contains web pages that are protected by 'Basic' authentication over HTTPS.
While this is not in itself a security flaw, some organizations discourage the use of 'Basic' authentication because, depending on the underlying implementation, it may be vulnerable to account brute-forcing or may encourage Man-in-the-Middle (MitM) attacks.
Solution
Make sure that the use of HTTP 'Basic' authentication is in line with your organization's security policy.
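To check a policy like this against your own inventory, the following added example (not the plugin's own code) classifies recorded HTTP responses by whether they challenge with 'Basic' and whether the URL is HTTPS. The function names, the labels it returns and the sample responses are assumptions constructed for illustration, and the cleartext case goes beyond the HTTPS case this page describes.

```python
import re
from urllib.parse import urlsplit

# Quoted strings may contain commas or scheme-like words, so blank them first.
_QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')
# A challenge starts with a scheme token at the start of the value or after a
# comma. Auth parameters look like token=value, so a token followed by "="
# is a parameter, not a scheme.
_SCHEME = re.compile(
    r'(?:^|,)\s*([A-Za-z][A-Za-z0-9._~+/-]*)(?=\s+[^=\s,]|\s*(?:,|$))'
)


def auth_schemes(headers):
    """Return the lowercased schemes offered across all WWW-Authenticate fields.

    headers is a list of (name, value) pairs, because the field may repeat.
    """
    schemes = []
    for name, value in headers:
        if name.lower() != "www-authenticate":
            continue
        bare = _QUOTED.sub('""', value)
        schemes += [m.group(1).lower() for m in _SCHEME.finditer(bare)]
    return schemes


def classify(url, status, headers):
    """Label a response that asks for 'Basic' credentials, else return None."""
    if status != 401 or "basic" not in auth_schemes(headers):
        return None
    if urlsplit(url).scheme.lower() == "https":
        return "basic-over-https"      # the condition this page describes
    return "basic-over-cleartext"      # added case: no TLS at all


# Constructed sample responses (url, status, headers); not real scan output.
SAMPLES = [
    ("https://intranet.example/admin", 401,
     [("WWW-Authenticate", 'Basic realm="Admin, Basic area"')]),
    ("https://intranet.example/api", 401,
     [("WWW-Authenticate", 'Negotiate, Digest realm="api", qop="auth"')]),
    ("http://legacy.example/", 401,
     [("WWW-Authenticate", 'Digest realm="x"'), ("www-authenticate", "Basic")]),
    ("https://intranet.example/", 200, []),
]

if __name__ == "__main__":
    for url, status, headers in SAMPLES:
        print(url, classify(url, status, headers))
```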