Web Server Misconfiguration: HTTP Basic Authentication (HTTP Basic Logins Sent Over Unencrypted Connection)
Web Server Misconfiguration: HTTP Basic Authentication (HTTP Basic Logins Sent Over Unencrypted Connection) Web 服務器配置錯誤:HTTP 基本身份驗證(通過未加密連接發送的 HTTP 基本登錄) Description: Any area of a web application that possibly contains sensitive information or access to privileged functionality such as remote site administration functionality should utilize SSL or another form of encryption to prevent login information from being sniffed or otherwise intercepted or stolen. ~FullURL~ has failed this policy. Recommendations include ensuring that sensitive areas of your web application have proper encryption protocols in place to prevent login information and other data that could be helpful to an attacker from being intercepted. An attacker who exploited this design vulnerability would be able to utilize the information to escalate their method of attack, possibly leading to impersonation of a legitimate user, the theft of proprietary data, or execution of actions not intended by the applicat...