Insecure authentication method
Description
The server uses Basic authentication over an insecure channel.
Impact
Gather base 64 coded credentials.
Recommendation
Use stronger authentication mechanisms like Bearer and OAuth.
Threat
Unauthorized attacker from adjacent network performing a Sniffing attack.
Expected Remediation Time
⏱️ 120 minutes.
Requirements
030 - Avoid object reutilization228 - Authenticate using standard protocols319 - Make authentication options equally secure153 - Out of band transactionsFixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
A
Attack complexity
L
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
P
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P