C Sharp Basic Auth Header Hardcoded Credentials
Description
Detects hardcoded Basic Authentication credentials in HTTP request headers in C# applications. Using hardcoded credentials in source code exposes sensitive authentication information that could be exploited by attackers to gain unauthorized access to protected resources.
Detection Strategy
• Identifies calls to the Headers.Add() method on web request objects
• Checks if the header being added contains Basic Authentication credentials
• Verifies that the header value contains hardcoded credentials rather than dynamic/configurable values
• Reports a vulnerability when Basic Authentication credentials are directly embedded in the source code
Vulnerable code example
using System.Net;

public class UnsafeRequest {
    public WebResponse CreateRequest() {
        WebRequest request = WebRequest.Create("https://api.example.com");
        request.Method = "POST";
        // VULNERABLE: Hardcoded credentials in Authorization header
        request.Headers.Add("Authorization", "Basic dXNlcjpwYXNz");
        ...
Secure code example
using System;
using System.Net;

public class SafeRequest {
    private readonly string _apiUrl;

    public SafeRequest(string apiUrl) {
        _apiUrl = apiUrl;
        ...
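The secure example above is cut off on this page. As an added example (not Fluid Attacks' own code), the class below shows one way to build the Basic header from runtime configuration instead of a string literal; the class name and the environment variable names API_USER and API_PASSWORD are assumptions.

```csharp
using System;
using System.Net;
using System.Text;

public class ConfiguredBasicAuthRequest {
    // Assumed variable names; the page does not define any.
    private const string UserVar = "API_USER";
    private const string PasswordVar = "API_PASSWORD";

    private readonly string _apiUrl;

    public ConfiguredBasicAuthRequest(string apiUrl) {
        // Basic credentials are only base64-encoded, so refuse plain HTTP.
        if (new Uri(apiUrl).Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Basic authentication requires HTTPS.", nameof(apiUrl));
        _apiUrl = apiUrl;
    }

    // Builds the header value at run time and fails closed when a value is unset.
    public static string BuildBasicHeader() {
        string user = Environment.GetEnvironmentVariable(UserVar);
        string password = Environment.GetEnvironmentVariable(PasswordVar);
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password))
            throw new InvalidOperationException(
                "Set " + UserVar + " and " + PasswordVar + " before sending requests.");
        // A colon in the user name would shift the user/password split on the server.
        if (user.Contains(":"))
            throw new InvalidOperationException(UserVar + " must not contain ':'.");
        byte[] raw = Encoding.UTF8.GetBytes(user + ":" + password);
        return "Basic " + Convert.ToBase64String(raw);
    }

    public WebResponse CreateRequest() {
        WebRequest request = WebRequest.Create(_apiUrl);
        request.Method = "POST";
        request.ContentLength = 0; // no request body in this example
        // The header value is computed from configuration, so no credential
        // literal appears in the source or in version control history.
        request.Headers.Add("Authorization", BuildBasicHeader());
        return request.GetResponse();
    }
}
```

The same shape works with any configuration source that is resolved at run time, such as a secrets manager client, in place of the environment lookup.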