Insecure authentication method - Basic | Fluid Attacks Database

Database

Description

The server uses Basic authentication over an insecure channel.

Impact

Gather base 64 coded credentials.

Recommendation

Use stronger authentication mechanisms like Bearer and OAuth.

Threat

Unauthorized attacker from adjacent network performing a Sniffing attack.

Expected Remediation Time

⏱️ 120 minutes.

Requirements

030 - Avoid object reutilization 228 - Authenticate using standard protocols 319 - Make authentication options equally secure

Rules

Http Basic Auth Over Http C Sharp Basic Auth Header Hardcoded Credentials Xml Basic Auth Method Used Xml Authorization Header With Basic Token Terraform Password Authentication Enabled Terraform Missing Admin Auth Method Python Basic Auth Header Used Php Basic Auth Header Hardcoded Credentials Java Basic Auth Header Untrusted Input

Fixes

Azure Csharp Go Java JavaScript/TypeScript Php Python Ruby Scala Swift