Weak Authentication Method

Home/Alerts/Alert detail/

Risk:
Medium

Type:
Passive

CWE:
CWE-326

Summary: HTTP basic or digest authentication has been used over an unsecured connection. The credentials can be read and then reused by someone with access to the network.

Solution: Protect the connection using HTTPS or use a stronger authentication mechanism

References: https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html

Latest Security News

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

CWE top 25 most dangerous software weaknesses

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Common Alerts

InformationalUsername Hash Found

InformationalSession Management Response Identified

HighServer Side Request Forgery

MediumRelative Path Confusion

InformationalContent-Type Header Missing

InformationalSplit Viewstate in Use

HighSQL Injection - Oracle

HighGeneric Padding Oracle

HighPath Traversal

LowInsufficient Site Isolation Against Spectre Vulnerability

Latest CVE List

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

CVE-2024-43451 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

Common CWEs

CWE-412 Unrestricted Externally Accessible Lock

CWE-11 ASP.NET Misconfiguration: Creating Debug Binary

CWE-183 Permissive List of Allowed Inputs

CWE-1120 Excessive Code Complexity

CWE-826 Premature Release of Resource During Expected Lifetime

CWE-913 Improper Control of Dynamically-Managed Code Resources

CWE-527 Exposure of Version-Control Repository to an Unauthorized Control Sphere

CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

HighCWE-129 Improper Validation of Array Index

CWE-176 Improper Handling of Unicode Encoding

Free security scan for your website

Don't show website scan report rating on the leaderboard