This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Periodic Table of Vulnerabilities - Weak Authentication Methods

From OWASP
Revision as of 05:04, 14 May 2013 by Peter Mosmans (talk | contribs)

Jump to: navigation, search

Weak HTTP Authentication Methods

Root Cause Summary

Usage of weak HTTP authentication methods makes it easiy for an attacker to obtain logon credentials by intercepting the traffic

Browser / Standards Solution

None

Perimeter Solution

  • Disable the HTTP Basic Access Authentication Scheme
  • Enable Digest Authentication on the webserver

Complexity: Low
Impact: Medium

Generic Framework Solution

None

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

References

HTTP Authentication: Basic and Digest Access Authentication (IETF)
Authentication Cheat Sheet (OWASP)