Basic Authorization over HTTP
Invicti identified that the application is using basic authentication over HTTP.
Basic authentication sends username and password in plain text. Generally, using basic authentication is not a good solution.
If an attacker can intercept traffic on the network, he/she might be able to steal the user's credentials.
Actions To Take#
Move all of your directories which require authentication to be served only over HTTPS, and disable any access to these pages over HTTP.