Weak Authentication Method

Risk:
Medium

Type:
Passive

CWE:
CWE-326

Summary: HTTP basic or digest authentication has been used over an unsecured connection. The credentials can be read and then reused by someone with access to the network.

Solution: Protect the connection using HTTPS or use a stronger authentication mechanism

References: https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html

Top Security News

Latest CVE List

Common Alerts

InformationalNon-Storable Content
HighSQL Injection
MediumJava Serialization Object
MediumFile Upload
MediumProxy Disclosure
InformationalInformation Disclosure - Sensitive Information in URL
InformationalInformation Disclosure - Suspicious Comments in XML via WebSocket
LowCookie without SameSite Attribute
HighExternal Redirect
LowStrict-Transport-Security Missing Max-Age (Non-compliant with Spec)

Top CWE List

Free online web security scanner

Don't show website scan report rating on the leaderboard