Basic authentication over HTTP - Vulnerability Database

Basic authentication over HTTP

Description

HTTP Basic Authentication (RFC 7617) sends the username and password on every request to the protected realm, joined by a colon and Base64-encoded in the Authorization request header. Base64 is a reversible encoding, not encryption, so when the scheme is used over plain HTTP instead of HTTPS the credentials travel in effectively cleartext: anyone positioned on the network path (a shared Wi-Fi network, a compromised router, a hostile ISP or proxy) can recover them from a passive capture with a single decode, and an active attacker can additionally rewrite the traffic. Because the header is repeated on each request, one captured request is enough, and browsers keep sending it pre-emptively for the realm once they have authenticated. This finding means that one or more directories or endpoints of the application require Basic Authentication but are reachable over HTTP.

Remediation

Migrate all authentication to HTTPS so that credentials are encrypted in transit, and make sure no plaintext HTTP endpoint ever issues a Basic challenge. Follow these steps to remediate this vulnerability:

1. Enable HTTPS: Obtain and install a valid SSL/TLS certificate for your domain. Use certificates from trusted Certificate Authorities or free services like Let's Encrypt.

2. Configure HTTP to HTTPS redirection: Redirect every HTTP request to its HTTPS equivalent with a permanent redirect (301 or 308), for the whole site rather than only the authenticated endpoints. Be aware of the limit of a redirect: a client that was configured with an http:// URL and already attaches the Authorization header to its first request leaks the credentials before the redirect arrives. The HTTP listener must therefore serve no protected content and send no WWW-Authenticate: Basic challenge, and any scripts, monitoring jobs or mobile clients that were pointed at http:// URLs must be updated to https:// and have their passwords rotated, since those passwords have already crossed the network in the clear.

Example Apache configuration (inside the port-80 VirtualHost; the same rule also works in .htaccess):

RewriteEngine On
RewriteCond %{HTTPS} off
# %{REQUEST_URI} already begins with "/", so no slash is inserted after the host;
# the common "^(.*)$ https://%{HTTP_HOST}/$1" form produces a double slash in server context.
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

If TLS is terminated by a load balancer or reverse proxy in front of Apache, %{HTTPS} is always off on the backend; test the X-Forwarded-Proto request header instead, otherwise the rule loops.

Example Nginx configuration:

server {
    listen 80;
    server_name example.com;
    # This server block holds nothing else: no root, no location, no auth_basic.
    # $server_name (rather than $host) pins the redirect target to the configured name.
    return 301 https://$server_name$request_uri;
}

3. Implement HTTP Strict Transport Security (HSTS): Add the HSTS header to responses served over HTTPS. A browser that has seen it once rewrites every later http:// URL for the host to https:// locally, before the request leaves the machine, which closes the first-request leak of step 2 for browser clients. Browsers ignore the header when it arrives over plain HTTP, so set it on the HTTPS virtual host only; start with a short max-age while testing, because a wrong value cannot be recalled from clients. The very first visit remains unprotected unless the domain is on the browser preload list (add the preload directive and submit the domain at hstspreload.org).

Example header:
Strict-Transport-Security: max-age=31536000; includeSubDomains

4. Consider stronger authentication: Where possible, replace Basic Authentication with mechanisms such as OAuth 2.0, OpenID Connect, or token-based authentication with proper session management. These schemes also rely on TLS to protect the token in transit, so they complement steps 1 to 3 rather than replace them.

5. Verify the fix: Confirm for every protected path that a plaintext request (for example curl -I http://host/path) receives a redirect to the same path on https:// or is refused outright, and that no HTTP response carries a WWW-Authenticate: Basic header; then confirm that the HTTPS response carries the Strict-Transport-Security header. Finally re-scan the application with the tool that reported this issue.
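The acceptance criteria of steps 2, 3 and 5 can be checked mechanically. The following Python script is an added example, not code from the original page or from Invicti: over plaintext HTTP a protected URL must either redirect to its https:// twin or be refused, and must never send a Basic challenge; over HTTPS the response must carry an HSTS header with a max-age of at least one year. The assessment functions work on status codes and headers you already have (the values in the usage below are constructed), and check_endpoint wraps them around live requests with the standard library's http.client; the host names are placeholders.

```python
import http.client
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

REDIRECT_CODES = (301, 302, 307, 308)
ONE_YEAR = 31536000  # smallest HSTS max-age accepted here (the value the page recommends)


@dataclass
class Verdict:
    passed: bool
    problems: list = field(default_factory=list)  # each one fails the check
    warnings: list = field(default_factory=list)  # worth a look, but not a failure


def _lower(headers):
    """Header names are case-insensitive; normalise them once."""
    return {k.lower(): v for k, v in headers.items()}


def assess_http_response(url, status, headers):
    """Judge the plaintext-HTTP answer for a protected URL.

    Acceptable: a redirect to the same host and path on https://, or an outright
    refusal (4xx). Never acceptable: a WWW-Authenticate: Basic challenge, because
    it invites the client to retry with credentials over cleartext.
    """
    h, problems = _lower(headers), []
    challenge = h.get("www-authenticate", "")
    if "basic" in challenge.lower():
        problems.append("HTTP response still sends a Basic challenge: " + challenge)
    if status in REDIRECT_CODES:
        want, got = urlsplit(url), urlsplit(h.get("location", ""))
        if got.scheme != "https" or got.hostname != want.hostname or got.path != want.path:
            problems.append(f"redirect does not go to the https:// twin of {url}: {h.get('location', '')!r}")
    elif 400 <= status < 500:
        pass  # blocked outright; fine as long as no Basic challenge came with it
    else:
        problems.append(f"unexpected status {status} over plaintext HTTP")
    return Verdict(not problems, problems)


def assess_https_response(status, headers, min_max_age=ONE_YEAR):
    """Judge the HTTPS answer: it must carry a usable HSTS header."""
    h, problems, warnings = _lower(headers), [], []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        problems.append("no Strict-Transport-Security header on the HTTPS response")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < min_max_age:
            problems.append(f"HSTS max-age missing or below {min_max_age}: {hsts!r}")
        if "includesubdomains" not in hsts.lower():
            warnings.append("HSTS lacks includeSubDomains; subdomains stay unprotected")
    if status >= 500:
        problems.append(f"HTTPS endpoint answered {status}")
    return Verdict(not problems, problems, warnings)


def check_endpoint(url, timeout=10):
    """Probe a live URL over plaintext HTTP and then over TLS; returns both verdicts."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    conn.request("GET", path)
    resp = conn.getresponse()
    http_verdict = assess_http_response(url, resp.status, dict(resp.getheaders()))
    conn.close()
    # The default HTTPSConnection context verifies the certificate chain, so a
    # certificate problem from step 1 surfaces here as an ssl exception.
    sconn = http.client.HTTPSConnection(parts.hostname, 443, timeout=timeout)
    sconn.request("GET", path)
    sresp = sconn.getresponse()
    https_verdict = assess_https_response(sresp.status, dict(sresp.getheaders()))
    sconn.close()
    return http_verdict, https_verdict


if __name__ == "__main__":
    import sys
    # Usage: python3 check_basic_over_http.py http://intranet.example.test/admin/ ...
    for target in sys.argv[1:]:
        for label, verdict in zip(("http ", "https"), check_endpoint(target)):
            print(label, "PASS" if verdict.passed else "FAIL", *verdict.problems, *verdict.warnings)
```

A 401 with WWW-Authenticate: Basic over HTTP fails even though 4xx responses are otherwise accepted as "blocked", because the challenge is exactly what makes a browser or script send the password in the clear. The script only reports what the server does; it cannot tell you whether clients still have http:// URLs configured, which is why step 2 also calls for updating those clients and rotating their passwords.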

Related Vulnerabilities