Java Basic Auth Header Untrusted Input
Description
Detects insecure usage of HTTP Basic Authentication where credentials may be transmitted over a non-secure channel. Basic Authentication sends the credentials as a base64-encoded string, which is trivially decoded if intercepted, so a secure transport protocol (TLS) is critical for protecting the authentication data in transit.
Detection Strategy
• Identifies HTTP header operations that set or use Basic Authentication credentials
• Verifies if the HTTP connection uses a secure protocol (like HTTPS)
• Reports a vulnerability when Basic Authentication is used without a secure transport protocol
Vulnerable code example

    import org.apache.camel.builder.RouteBuilder;

    public class AuthHeaderExample extends RouteBuilder {
        @Override
        public void configure() {
            // Vulnerable: hardcoded Basic credentials ("user:pass" in base64) are set
            // in the Authorization header and sent to a plain HTTP endpoint, where the
            // header can be read by anyone on the network path
            from("direct:start")
                .setHeader("Authorization", constant("Basic dXNlcjpwYXNz"))
                .to("http://api.example.com");
        }
    }

✅ Secure code example

    import org.apache.camel.builder.RouteBuilder;

    public class AuthHeaderExample extends RouteBuilder {
        @Override
        public void configure() {
            // Safe: credentials are fetched from a secure config/vault-backed bean
            // (CredentialsService, assumed to be registered in the Camel context)
            // instead of being hardcoded, and the route targets an HTTPS endpoint,
            // so the Authorization header is encrypted in transit
            from("direct:start")
                .setHeader("Authorization", method(CredentialsService.class, "getAuthHeader"))
                .to("https://api.example.com");
        }
    }