This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Weak Authentication Methods"
From OWASP
m |
James Landis (talk | contribs) m |
||
| Line 1: | Line 1: | ||
| + | [[OWASP_Periodic_Table_of_Vulnerabilities#Periodic_Table_of_Vulnerabilities|Return to Periodic Table Working View]] | ||
| + | |||
== Weak HTTP Authentication Methods == | == Weak HTTP Authentication Methods == | ||
Revision as of 18:01, 14 May 2013
Return to Periodic Table Working View
Weak HTTP Authentication Methods
Root Cause Summary
Usage of weak HTTP authentication methods makes it easiy for an attacker to obtain logon credentials by intercepting the traffic
Browser / Standards Solution
None
Perimeter Solution
- Disable the HTTP Basic Access Authentication Scheme
- Enable Digest Authentication on the webserver
Complexity: Low
Impact: Medium
Generic Framework Solution
None
Custom Framework Solution
None
Custom Code Solution
None
Discussion / Controversy
References
HTTP Authentication: Basic and Digest Access Authentication (IETF)
Authentication Cheat Sheet (OWASP)
