Basic Authentication Without HTTPS

low Web App Scanning Plugin ID 98615

Language:

Synopsis

Description

The remote web server contains web pages that are protected by 'Basic' authentication over cleartext.

An attacker eavesdropping the traffic might obtain logins and passwords of valid users.

Solution

Make sure that HTTP authentication is transmitted over HTTPS.

Plugin Details

Severity: Low

ID: 98615

Type: remote

Family: Authentication & Session

Published: 6/3/2019

Updated: 11/26/2021

Scan Template: api, basic, full, overview, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Low

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

Vulnerability Information

Exploit Available: true

Vulnerability Publication Date: 11/21/2008

Reference Information

CWE: 319

OWASP: 2010-A9, 2013-A6, 2017-A3, 2021-A2

WASC: Insufficient Transport Layer Protection

CAPEC: 102, 117, 383, 477, 65

DISA STIG: APSC-DV-000170

HIPAA: 164.312(a), 164.312(e)

ISO: 27001-A.10.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.18.1.5

NIST: sp800_53-SC-13

OWASP API: 2019-API7, 2023-API8

OWASP ASVS: 4.0.2-9.1.1

PCI-DSS: 3.2-6.5.4

Detections

Analytics

Basic Authentication Without HTTPS

low Web App Scanning Plugin ID 98615

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Vulnerability Information

Reference Information