OWASP Periodic Table of Vulnerabilities - Weak Authentication Methods

From OWASP
Revision as of 00:04, 14 May 2013 by Peter Mosmans (Talk | contribs)

Weak HTTP Authentication Methods

Root Cause Summary

Using weak HTTP authentication methods makes it easy for an attacker to obtain logon credentials by intercepting the traffic.

Browser / Standards Solution

None

Perimeter Solution

  • Disable the HTTP Basic Access Authentication Scheme
  • Enable Digest Authentication on the webserver

Complexity: Low
Impact: Medium
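The difference between the two schemes on the wire, as an added example that is not part of the original OWASP page: it builds a Basic and a Digest (RFC 2617, qop=auth) Authorization header and reports what each one discloses to anyone who can read the traffic. The function names are hypothetical and the credentials are the constructed sample values used in RFC 2617.

```python
import base64
import hashlib
import re

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def basic_header(user, password):
    """Basic: base64 is an encoding, not encryption, so it reverses without a key."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """Digest (RFC 2617, qop=auth): only a hash bound to the server nonce is sent."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def digest_header(user, realm, password, method, uri, nonce, nc, cnonce):
    resp = digest_response(user, realm, password, method, uri, nonce, nc, cnonce)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')

# key=value pairs of a Digest header; values may be quoted or bare.
_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]*))')

def disclosed_by_header(authorization):
    """What one captured Authorization header value reveals about the account."""
    scheme, _, rest = authorization.partition(" ")
    if scheme.lower() == "basic":
        user, _, password = base64.b64decode(rest).decode().partition(":")
        return {"scheme": "Basic", "username": user, "password": password}
    if scheme.lower() == "digest":
        params = {k: quoted or bare for k, quoted, bare in _PARAM.findall(rest)}
        return {"scheme": "Digest", "username": params.get("username"), "password": None}
    return {"scheme": scheme, "username": None, "password": None}

if __name__ == "__main__":
    # Constructed sample credentials (the example values used in RFC 2617).
    print(disclosed_by_header(basic_header("Aladdin", "open sesame")))
    print(disclosed_by_header(digest_header(
        "Mufasa", "testrealm@host.com", "Circle Of Life", "GET",
        "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b")))
```

The Digest header carries the username and an MD5-derived response rather than the password itself, so the strength of the password still matters.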

Generic Framework Solution

None

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

References

HTTP Authentication: Basic and Digest Access Authentication (IETF)
Authentication Cheat Sheet (OWASP)