Details
Alert Id 10105
Alert Type Passive Scan Rule
Status release
Risk
CWE
WASC

Summary

HTTP basic or digest authentication has been used over an unsecured connection. The credentials can be read and then reused by someone with access to the network.

Solution

Protect the connection using HTTPS or use a stronger authentication mechanism

References

Code

org/zaproxy/zap/extension/pscanrules/InsecureAuthenticationScanRule.java