Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Weak Authentication Methods"

(Created page with "== Weak HTTP Authentication Methods == === Root Cause Summary === Usage of weak HTTP authentication methods makes it easy for an attacker to obtain logon credentials by inte...")
 
m
Line 9: Line 9:
 
=== Perimeter Solution ===
 
=== Perimeter Solution ===
 
* Disable the HTTP Basic Access Authentication Scheme
 
* Disable the HTTP Basic Access Authentication Scheme
* Enable NTLM, and Digest Authentication requests
+
* Enable Digest Authentication on the webserver
  
 
Complexity: Low<br>
 
Complexity: Low<br>
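
Review bot: the replacement bullet "Enable Digest Authentication on the webserver" drops NTLM from the recommendation without giving a reason, and the revision is flagged minor ("m") although it changes the guidance. Neither the old nor the new bullet mentions transport encryption, while the page's root cause is credential interception. Suggest adding a bullet that authenticated endpoints are served only over HTTPS, since a Digest exchange sent in clear text still exposes the username and a hash of the password, and noting in the edit summary why NTLM was removed.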

Revision as of 05:04, 14 May 2013

Weak HTTP Authentication Methods

Root Cause Summary

Using weak HTTP authentication methods makes it easy for an attacker to obtain logon credentials by intercepting the traffic.

Browser / Standards Solution

None

Perimeter Solution

  • Disable the HTTP Basic Access Authentication Scheme
  • Enable Digest Authentication on the webserver

Complexity: Low
Impact: Medium
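
One way to verify the perimeter change took effect is to inspect the `WWW-Authenticate` challenges a server returns with its 401 responses. The following is an added example, not part of the original OWASP page: the function names, verdict labels and sample headers are constructed for illustration, and the Digest checks (`qop`, `algorithm`) go beyond the two bullets above, based on the Digest specification.

```python
import re

# A bare token starts a challenge; name=value (or name="quoted") is an auth-param.
_ITEM = re.compile(r'([^\s,="]+)(?:\s*=\s*("(?:[^"\\]|\\.)*"|[^\s,"]+))?')

def parse_challenges(header):
    """Split a WWW-Authenticate value into [(scheme, {param: value}), ...].
    Assumes auth-param challenges (Basic, Digest); token68 blobs are not handled."""
    challenges = []
    for name, value in _ITEM.findall(header):
        if not value:                       # no "=": a new scheme begins
            challenges.append((name.lower(), {}))
        elif challenges:                    # param of the most recent scheme
            if value.startswith('"'):       # strip quotes, undo backslash escapes
                value = re.sub(r'\\(.)', r'\1', value[1:-1])
            challenges[-1][1][name.lower()] = value
    return challenges

def audit(header):
    """Return [(scheme, verdict, reason), ...] for every challenge offered."""
    findings = []
    for scheme, params in parse_challenges(header):
        if scheme == "basic":
            findings.append((scheme, "FAIL", "password sent base64-encoded on every request"))
        elif scheme == "digest":
            qop = {q.strip() for q in params.get("qop", "").split(",") if q.strip()}
            algorithm = params.get("algorithm", "MD5").upper()  # MD5 when absent
            if not qop:
                findings.append((scheme, "WARN", "no qop: legacy mode without client nonce"))
            elif algorithm.startswith("MD5"):
                findings.append((scheme, "WARN", "MD5 digest; prefer SHA-256 where clients support it"))
            else:
                findings.append((scheme, "OK", f"qop={','.join(sorted(qop))} algorithm={algorithm}"))
        else:
            findings.append((scheme, "INFO", "scheme not covered by this check"))
    return findings

# Constructed sample headers, not captured from any real server.
SAMPLES = [
    'Basic realm="intranet, staff"',
    'Digest realm="api", qop="auth", nonce="f00", algorithm=SHA-256, Basic realm="api"',
    'Digest realm="old", nonce="abc"',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", audit(header))
```

The second sample shows why each challenge must be checked separately: a server that enables Digest but leaves Basic on still lets a client be steered to the weaker scheme.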

Generic Framework Solution

None

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

References

HTTP Authentication: Basic and Digest Access Authentication (IETF)
Authentication Cheat Sheet (OWASP)