OWASP Periodic Table of Vulnerabilities - Weak Authentication Methods
Revision as of 04:30, 14 May 2013 by Peter Mosmans
Weak HTTP Authentication Methods
Root Cause Summary
Using weak HTTP authentication methods makes it easy for an attacker to obtain logon credentials by intercepting the traffic.
Browser / Standards Solution
None
Perimeter Solution
- Disable the HTTP Basic Access Authentication Scheme
- Enable NTLM and Digest Authentication requests
Complexity: Low
Impact: Medium
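To verify the perimeter setting above, the `WWW-Authenticate` challenges a server returns can be parsed and compared with this page's policy. The following is an added example, not OWASP code; the function names, the policy sets and the sample header values are constructed for illustration.

```python
import re

# Policy taken from this page: Basic is to be disabled; NTLM and Digest are the
# schemes it says to enable. Any other scheme is reported as "unlisted".
DISALLOWED = {"basic"}
RECOMMENDED = {"digest", "ntlm"}

# Constructed sample: two WWW-Authenticate header lines from one 401 response.
SAMPLE = [
    'Digest realm="intranet, staff", qop="auth", nonce="abc123", Basic realm="intranet"',
    "NTLM",
]

_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
# A comma followed by an even number of double quotes lies outside a quoted
# string. Backslash-escaped quotes inside a realm are not handled here.
_COMMA = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')
_PARAM = re.compile(rf"^{_TOKEN}\s*=")            # realm="x": parameter of the previous scheme
_SCHEME = re.compile(rf"^({_TOKEN})(?:\s+.*)?$")  # Basic realm="x", or a bare NTLM


def offered_schemes(www_authenticate_values):
    """Return the lower-cased schemes offered, in order, without duplicates."""
    schemes = []
    for value in www_authenticate_values:
        for part in (p.strip() for p in _COMMA.split(value)):
            if not part or _PARAM.match(part):
                continue  # empty piece, or a parameter rather than a new challenge
            m = _SCHEME.match(part)
            if m and m.group(1).lower() not in schemes:
                schemes.append(m.group(1).lower())
    return schemes


def audit(www_authenticate_values):
    """Sort each offered scheme into the page's policy buckets."""
    report = {"disallowed": [], "recommended": [], "unlisted": []}
    for scheme in offered_schemes(www_authenticate_values):
        if scheme in DISALLOWED:
            report["disallowed"].append(scheme)
        elif scheme in RECOMMENDED:
            report["recommended"].append(scheme)
        else:
            report["unlisted"].append(scheme)
    return report


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty `disallowed` list means the endpoint still offers Basic alongside the other schemes, so the first perimeter step has not been applied.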
Generic Framework Solution
None
Custom Framework Solution
None
Custom Code Solution
None
Discussion / Controversy
References
HTTP Authentication: Basic and Digest Access Authentication (IETF)
Authentication Cheat Sheet (OWASP)