Details
Alert Id 10105
Alert Type Passive
Status release
Risk
CWE 326
WASC 4
Technologies Targeted All
Tags OWASP_2017_A02
OWASP_2017_A03
OWASP_2021_A01
OWASP_2021_A02
WSTG-V42-ATHN-01

Summary

HTTP basic or digest authentication has been used over an unsecured connection. The credentials can be read and then reused by someone with access to the network.

Solution

Protect the connection using HTTPS or use a stronger authentication mechanism

Other Info

References

Code

org/zaproxy/zap/extension/pscanrules/InsecureAuthenticationScanRule.java