OWASP Periodic Table of Vulnerabilities - Weak Authentication Methods
Revision as of 04:30, 14 May 2013 by Peter Mosmans
Weak HTTP Authentication Methods
Root Cause Summary
Usage of weak HTTP authentication methods makes it easy for an attacker to obtain logon credentials by intercepting the traffic.
Browser / Standards Solution
None
Perimeter Solution
- Disable the HTTP Basic Access Authentication Scheme
- Enable NTLM and Digest Authentication requests
Complexity: Low
Impact: Medium
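One way to check the perimeter items above, as an added example that is not part of the original OWASP page: the Python below parses `WWW-Authenticate` challenge headers to find endpoints that still offer Basic, and decodes a Basic `Authorization` value to show that the credentials are only base64-encoded. The sample hosts, header values and credentials are constructed, and all function and constant names are hypothetical.

```python
import base64
import re

TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# Comma-separated list elements; commas inside a quoted-string do not split.
ELEMENT = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')
# An element opens a new challenge when it is "scheme" or "scheme first-param";
# "name=value" elements are parameters of the challenge before them.
NEW_CHALLENGE = re.compile(rf"^({TOKEN})(?:\s+[^=\s].*)?$")
DISABLE = {"basic"}  # the page's perimeter advice: disable Basic

# Constructed sample data, not captured traffic; hosts and credentials are made up.
SAMPLES = {
    "http://intranet.example/reports":
        ['Digest realm="reports, internal", nonce="abc123", Basic realm="reports"'],
    "http://intranet.example/wiki": ["NTLM", 'Digest realm="wiki", nonce="def456"'],
}
SAMPLE_AUTHORIZATION = "Basic " + base64.b64encode(b"alice:s3cret").decode()


def offered_schemes(header_values):
    """Lower-cased auth schemes offered across all WWW-Authenticate values."""
    schemes = []
    for value in header_values:
        for element in ELEMENT.findall(value):
            m = NEW_CHALLENGE.match(element.strip())
            if m:
                schemes.append(m.group(1).lower())
    return schemes


def basic_credentials(authorization):
    """Decode a Basic Authorization value: base64 is encoding, not protection."""
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    user, _, password = base64.b64decode(blob.strip()).decode("utf-8").partition(":")
    return user, password


def audit(samples):
    """URLs whose challenges include a scheme the page says to disable."""
    return sorted(u for u, v in samples.items() if DISABLE & set(offered_schemes(v)))
```

`audit(SAMPLES)` flags only the `/reports` endpoint, where Basic is offered alongside Digest in a single header value.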
Generic Framework Solution
None
Custom Framework Solution
None
Custom Code Solution
None
Discussion / Controversy
References
HTTP Authentication: Basic and Digest Access Authentication (IETF)
Authentication Cheat Sheet (OWASP)