
HTTP Server Basic Authentication Detection



The remote host passes information across the network in an insecure manner.


The remote server requires authentication for certain resources. However, the server does not require strong encryption of the credentials it receives. Specifically, the server allows clients to send credentials using HTTP Basic authentication. The client credentials are only base64-encoded, which obfuscates them slightly but does not encrypt them. Such encoding is trivial to reverse, and a passive attacker with the ability to sniff the traffic can easily gain access to a user's credentials.


Use SSL or a stronger authentication mechanism.
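
The passive check described above can be sketched as follows. This is an added example, not the plugin's own code: it inspects one captured HTTP/1.x message for a Basic challenge or Basic credentials and reports whether they crossed the network unencrypted. The function names, the `encrypted` flag and the sample messages are assumptions constructed for illustration.

```python
import base64
import re

# A Basic challenge may be one of several comma-separated challenges in the header.
CHALLENGE = re.compile(r"(?:^|,)\s*basic(?=\s|,|$)", re.IGNORECASE)

def parse_headers(raw: bytes):
    """Return [(lowercased name, value), ...] for one HTTP/1.x message."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the request/status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers

def basic_auth_findings(raw: bytes, encrypted: bool):
    """Return (kind, exposed_in_cleartext, detail) tuples for Basic auth usage."""
    findings = []
    for name, value in parse_headers(raw):
        if name == "www-authenticate" and CHALLENGE.search(value):
            findings.append(("challenge", not encrypted, value))
        elif name == "authorization" and value[:6].lower() == "basic ":
            try:
                decoded = base64.b64decode(value[6:].strip(), validate=True)
            except ValueError:                    # bad alphabet or padding
                findings.append(("malformed", not encrypted, ""))
                continue
            user, _, password = decoded.decode("utf-8", "replace").partition(":")
            # Base64 is reversible without a key; report the user and the
            # password length only, so the alert itself never stores the secret.
            findings.append(("credentials", not encrypted,
                             f"user={user} password_len={len(password)}"))
    return findings

# Constructed sample messages (hypothetical host and credentials).
SAMPLE_RESPONSE = (b"HTTP/1.1 401 Unauthorized\r\n"
                   b'WWW-Authenticate: Basic realm="intranet"\r\n'
                   b"Content-Length: 0\r\n\r\n")
SAMPLE_REQUEST = (b"GET /reports HTTP/1.1\r\nHost: app.example.test\r\n"
                  b"authorization: Basic "
                  + base64.b64encode(b"alice:s3cret-example") + b"\r\n\r\n")

if __name__ == "__main__":
    for message in (SAMPLE_RESPONSE, SAMPLE_REQUEST):
        for finding in basic_auth_findings(message, encrypted=False):
            print(finding)
```

A finding with `exposed_in_cleartext` set to `True` corresponds to the condition this page reports; the same headers seen inside an encrypted session yield `False`.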