449 – Insecure authentication method

Description

The server uses Basic authentication over an insecure channel.

Impact

Gather base 64 coded credentials.

Recommendation

Use stronger authentication mechanisms like Bearer and OAuth.

Threat

Unauthorized attacker from adjacent network performing a Sniffing attack.

Expected Remediation Time

120 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: A
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 030 - Avoid object reutilization
• 228 - Authenticate using standard protocols
• 319 - Make authentication options equally secure
• 153 - Out of band transactions

Last updated

2025/11/04