Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Weak Authentication Methods"

From OWASP
(Created page with "== Weak HTTP Authentication Methods == === Root Cause Summary === Usage of weak HTTP authentication methods makes it easy for an attacker to obtain logon credentials by inte...")
 
m
Line 9: Line 9:
 
=== Perimeter Solution ===
 
=== Perimeter Solution ===
 
* Disable the HTTP Basic Access Authentication Scheme
 
* Disable the HTTP Basic Access Authentication Scheme
* Enable NTLM, and Digest Authentication requests
+
* Enable Digest Authentication on the webserver
  
 
Complexity: Low<br>
 
Complexity: Low<br>
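
Review bot: the replacement bullet "Enable Digest Authentication on the webserver" silently drops NTLM from the recommendation, and the revision is marked minor (m) with no edit summary. Dropping a scheme changes the advice given in the Perimeter Solution, so the edit summary should say whether NTLM is no longer recommended or was only removed to tighten the wording. The rewording itself reads better than "Enable NTLM, and Digest Authentication requests".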

Revision as of 00:04, 14 May 2013

Weak HTTP Authentication Methods

Root Cause Summary

Usage of weak HTTP authentication methods makes it easy for an attacker to obtain logon credentials by intercepting the traffic.

Browser / Standards Solution

None

Perimeter Solution

  • Disable the HTTP Basic Access Authentication Scheme
  • Enable Digest Authentication on the webserver

Complexity: Low
Impact: Medium
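
One way to verify the two Perimeter Solution bullets from the outside, as an added example that is not part of the OWASP page: a Python check that parses the WWW-Authenticate challenges a server returns and reports whether Basic is still offered and whether Digest is present. The function names and the sample header value are assumptions made for this illustration.

```python
import re

# Constructed sample: a single header value carrying two challenges.
SAMPLE = ['Digest realm="app, staging", qop="auth", nonce="abc123", Basic realm="app"']

_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_PART = re.compile(r'(?:[^,"]|"(?:[^"\\]|\\.)*")+')   # comma-split, quote-aware
_CHALLENGE = re.compile(rf"({_TOKEN})(?:\s+(.*))?", re.S)
_PARAM = re.compile(rf'({_TOKEN})\s*=\s*("(?:[^"\\]|\\.)*"|{_TOKEN})')


def _unquote(value):
    return value[1:-1] if value.startswith('"') else value


def parse_challenges(header_values):
    """Return [(scheme, params)] for every challenge in WWW-Authenticate values."""
    challenges = []
    for value in header_values:
        for part in (p.strip() for p in _PART.findall(value)):
            param = _PARAM.fullmatch(part)
            if param:  # auth-param belonging to the challenge parsed last
                if challenges:
                    challenges[-1][1][param[1].lower()] = _unquote(param[2])
                continue
            start = _CHALLENGE.fullmatch(part)
            if not start:  # malformed fragment: skip it
                continue
            first = _PARAM.fullmatch(start[2] or "")
            params = {first[1].lower(): _unquote(first[2])} if first else {}
            challenges.append((start[1].lower(), params))
    return challenges


def audit(header_values):
    """Compare the offered schemes with the two Perimeter Solution bullets."""
    schemes = {scheme for scheme, _ in parse_challenges(header_values)}
    findings = []
    if "basic" in schemes:
        findings.append("Basic is offered: disable it")
    if "digest" not in schemes:
        findings.append("Digest is not offered: enable it")
    return findings


if __name__ == "__main__":
    print(parse_challenges(SAMPLE))
    print(audit(SAMPLE))
```

Pass audit() every WWW-Authenticate value from a 401 response; an empty list means both bullets are satisfied.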

Generic Framework Solution

None

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

References

HTTP Authentication: Basic and Digest Access Authentication (IETF)
Authentication Cheat Sheet (OWASP)