Web Server Uses Basic Authentication over HTTPS

Info Nessus Plugin ID 51080


The remote web server seems to transmit credentials using Basic Authentication.


The remote web server contains web pages that are protected by 'Basic' authentication over HTTPS.

While this is not in itself a security flaw, some organizations discourage the use of 'Basic' authentication because, depending on the underlying implementation, it may be vulnerable to account brute-forcing or may encourage man-in-the-middle (MitM) attacks.


Make sure that the use of HTTP 'Basic' authentication is in line with your organization's security policy.
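
For reviewing your own servers against that policy, the following added example (not the plugin's code) parses the `WWW-Authenticate` challenges of a 401 response and flags the 'Basic' scheme when it is offered over HTTPS. The function names, host names and sample headers are constructed for illustration.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PARAM = re.compile(rf'({TOKEN})\s*=\s*("(?:[^"\\]|\\.)*"|{TOKEN})')
# Comma-separated items, without splitting inside quoted strings.
ITEM = re.compile(r'(?:[^,"]|"(?:[^"\\]|\\.)*")+')


def _unquote(value):
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value


def parse_challenges(header_values):
    """Return [(scheme, params)] for a list of WWW-Authenticate header values."""
    challenges = []
    for header in header_values:
        current = None  # params dict of the challenge being read
        for item in (i.strip() for i in ITEM.findall(header)):
            if not item:
                continue
            m = PARAM.fullmatch(item)
            if m and current is not None:  # bare name=value continues the last scheme
                current[m.group(1).lower()] = _unquote(m.group(2))
                continue
            scheme, _, rest = item.partition(" ")
            current = {}
            m = PARAM.fullmatch(rest.strip())
            if m:
                current[m.group(1).lower()] = _unquote(m.group(2))
            challenges.append((scheme.lower(), current))
    return challenges


def basic_auth_finding(url, status, www_authenticate):
    """Flag a 401 served over HTTPS that offers the Basic scheme, else None."""
    if status != 401 or not url.lower().startswith("https://"):
        return None
    challenges = parse_challenges(www_authenticate)
    basic = [params for scheme, params in challenges if scheme == "basic"]
    if not basic:
        return None
    others = sorted({s for s, _ in challenges if s != "basic"})
    return {"url": url, "realm": basic[0].get("realm"), "other_schemes": others}


# Constructed sample responses (hypothetical host, not real scan output).
SAMPLES = [
    ("https://intranet.example/admin", 401,
     ['Negotiate, Basic realm="Admin, area", charset="UTF-8"']),
    ("https://intranet.example/api", 401, ['Bearer realm="api"']),
]
FINDINGS = [f for f in (basic_auth_finding(*s) for s in SAMPLES) if f]
```

The `other_schemes` field shows whether the same resource already offers an alternative to 'Basic', which is useful when deciding how to bring it in line with policy.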

Plugin Details

Severity: Info

ID: 51080

File Name: www_https_basic_authentication.nasl

Version: $Revision: 1.3 $

Type: remote

Family: Web Servers

Published: 2010/12/08

Modified: 2011/03/18

Dependencies: 67257

Risk Information

Risk Factor: Info