HTTP Server Basic Authentication Detection

Medium | Nessus Network Monitor Plugin ID 4225

Synopsis

The remote host passes information across the network in an insecure manner.

Description

The remote server requires authentication for certain resources. However, the server does not require strong encryption of the passed credentials. Specifically, the server allows clients to send credentials using HTTP Basic authentication. The client credentials are passed in plaintext and only slightly obfuscated by base64 encoding. Such encoding is trivially reversible, and a passive attacker able to sniff the traffic can easily recover a user's credentials.
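The check this plugin performs can be reproduced from the description alone: watch HTTP on the wire, flag a `WWW-Authenticate: Basic` challenge or an `Authorization: Basic` header on a connection that is not protected by TLS, and show that the base64 "obfuscation" decodes straight back to `user:password`. The script below is an added example and not the plugin's own code; the sample flows, hosts and credential values are constructed for the demonstration, and the `tls` flag stands in for whatever transport knowledge a real passive monitor has about the connection.

```python
"""Passive detection of HTTP Basic authentication on unencrypted connections.

Added example, not Nessus Network Monitor code. Sample traffic below is constructed.
"""
import base64
import binascii
from dataclasses import dataclass
from typing import Optional

# Constructed sample flows; "tls" marks whether the connection was TLS-protected.
SAMPLE_FLOWS = [
    # Plaintext HTTP: server challenges with Basic, then client answers with base64 credentials.
    {"tls": False, "server": "10.0.0.5", "port": 80,
     "message": b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"admin\"\r\nContent-Length: 0\r\n\r\n"},
    {"tls": False, "server": "10.0.0.5", "port": 80,
     "message": b"GET /admin HTTP/1.1\r\nHost: 10.0.0.5\r\nAuthorization: Basic YWxpY2U6czNjcjN0\r\n\r\n"},
    # Same exchange over TLS: a passive observer cannot read the header, so no finding.
    {"tls": True, "server": "10.0.0.6", "port": 443,
     "message": b"GET /admin HTTP/1.1\r\nHost: 10.0.0.6\r\nAuthorization: Basic YWxpY2U6czNjcjN0\r\n\r\n"},
    # Bearer token over plaintext: a different scheme, not what this check looks for.
    {"tls": False, "server": "10.0.0.7", "port": 8080,
     "message": b"GET /api HTTP/1.1\r\nHost: 10.0.0.7\r\nAuthorization: Bearer abc.def.ghi\r\n\r\n"},
]


@dataclass(frozen=True)
class Finding:
    server: str
    port: int
    kind: str                      # "challenge" (server offers Basic) or "credentials" (client sent them)
    username: Optional[str] = None  # the password is deliberately not stored in the finding


def parse_headers(raw: bytes) -> dict:
    """Map lower-cased HTTP header names to values from a raw request or response."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:  # skip the request line / status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return headers


def decode_basic_credentials(value: str) -> Optional[tuple]:
    """Reverse the base64 encoding of a Basic credential; None if not Basic or malformed."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # RFC 7617: user-id ":" password
    if not sep:
        return None
    return user, password


def inspect_flow(flow: dict) -> Optional[Finding]:
    """Return a Finding when Basic auth is visible on a non-TLS connection."""
    if flow["tls"]:
        return None  # credentials are encrypted in transit; nothing for a sniffer to read
    headers = parse_headers(flow["message"])
    creds = decode_basic_credentials(headers.get("authorization", ""))
    if creds:
        return Finding(flow["server"], flow["port"], "credentials", creds[0])
    if headers.get("www-authenticate", "").lower().startswith("basic"):
        return Finding(flow["server"], flow["port"], "challenge")
    return None


def scan(flows) -> list:
    """Run the check over every observed flow and collect the findings."""
    return [f for f in (inspect_flow(fl) for fl in flows) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_FLOWS):
        who = f" (user {f.username!r} recovered from base64)" if f.username else ""
        print(f"{f.server}:{f.port} Basic auth {f.kind} over plaintext HTTP{who}")
```

Running it reports two findings for 10.0.0.5: the server's Basic challenge and the client's credentials, with the username recovered from the header; the TLS flow and the Bearer flow produce nothing. Separating the "challenge" case from the "credentials" case mirrors the plugin text: the server offering Basic over plaintext is the misconfiguration, while an observed `Authorization` header is confirmation that a user's credentials actually crossed the wire.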

Solution

Use SSL or a stronger authentication mechanism.

Plugin Details

Severity: Medium

ID: 4225

Family: Web Servers

Published: 10/4/2007

Updated: 1/15/2016