OWASP Periodic Table of Vulnerabilities - Weak Authentication Methods

From OWASP
Revision as of 23:30, 13 May 2013 by Peter Mosmans (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents

Weak HTTP Authentication Methods

Root Cause Summary

Usage of weak HTTP authentication methods makes it easiy for an attacker to obtain logon credentials by intercepting the traffic

Browser / Standards Solution

None

Perimeter Solution

  • Disable the HTTP Basic Access Authentication Scheme
  • Enable NTLM, and Digest Authentication requests

Complexity: Low
Impact: Medium

Generic Framework Solution

None

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

References

HTTP Authentication: Basic and Digest Access Authentication (IETF)
Authentication Cheat Sheet (OWASP)