Authentication route use Basic Auth
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우
언제든지 연락주시기 바랍니다.Description
The API endpoint uses an authentication protocol that is not considered secure. The “HTTP/1.0” protocol includes the specification for a Basic Access Authentication scheme. That scheme is not a secure method of user authentication, as the user name and password are passed over the network in an unencrypted form.
There are a few issues with HTTP Basic Auth:
- The password is sent over the wire in base64 encoding, which can easily be converted to plaintext if the request was intercepted.
- The password is sent repeatedly, for each request creating a large attack window.
- Does not support logout or session management
Rationale
This finding works by identifying an API that accepts Basic Authentication as the authentication mechanism.
References