Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Weak Authentication Methods"

From OWASP
Jump to: navigation, search
(Created page with "== Weak HTTP Authentication Methods == === Root Cause Summary === Usage of weak HTTP authentication methods makes it easiy for an attacker to obtain logon credentials by inte...")
 
m
Line 9: Line 9:
 
=== Perimeter Solution ===
 
=== Perimeter Solution ===
 
* Disable the HTTP Basic Access Authentication Scheme
 
* Disable the HTTP Basic Access Authentication Scheme
* Enable NTLM, and Digest Authentication requests
+
* Enable Digest Authentication on the webserver
  
 
Complexity: Low<br>
 
Complexity: Low<br>

Revision as of 00:04, 14 May 2013

Weak HTTP Authentication Methods

Root Cause Summary

Usage of weak HTTP authentication methods makes it easiy for an attacker to obtain logon credentials by intercepting the traffic

Browser / Standards Solution

None

Perimeter Solution

  • Disable the HTTP Basic Access Authentication Scheme
  • Enable Digest Authentication on the webserver

Complexity: Low
Impact: Medium

Generic Framework Solution

None

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

References

HTTP Authentication: Basic and Digest Access Authentication (IETF)
Authentication Cheat Sheet (OWASP)