Basic Authorization over HTTP

Severity: High

Invicti identified that the application is using basic authentication over HTTP.

Basic authentication sends the username and password in plain text: the credentials are only Base64-encoded, not encrypted. Generally, using basic authentication is not a good solution.

If an attacker can intercept traffic on the network, they might be able to steal the user's credentials.

Actions To Take

Serve all directories that require authentication only over HTTPS, and disable any access to these pages over HTTP.
