Basic authentication detected
What this means
Basic authentication (Basic Auth) sends the username and password with each request, in an Authorization header that is Base64-encoded but not encrypted, in order to gain access to a website or web pages.
Why this is a problem
Use of this method is inherently insecure: Base64 is reversible encoding, not encryption, so the credentials are exposed to anyone who intercepts a request that is not sent over a secure channel (HTTPS).
In addition, basic authentication is not considered a modern form of authentication: it does not natively support mechanisms such as multi-factor authentication (MFA), and it lacks brute-force protection.
How to check if the problem is there
The easiest way is to browse to the site in question: if a login popup appears that comes from the web browser itself rather than from the page, this suggests that basic auth is in use.
An HTTP 401 response when browsing the website can also indicate basic auth; the confirming sign is a WWW-Authenticate header in that response whose scheme is Basic.
If you have access to the web server, check its configuration files to determine whether basic auth is enabled (for example, an AuthType Basic directive in Apache or an auth_basic directive in nginx).
How to fix this
You should plan to retire the use of basic authentication, as it is a legacy authentication mechanism that does not meet modern security standards.
If you have a web application that relies on basic authentication, plan to move to token-based authentication such as OAuth 2.0 or OpenID Connect.
You can reduce some of the risks associated with using basic authentication by:
- using HTTPS and removing HTTP entirely, so that basic auth credentials can never be sent over HTTP
- implementing IP whitelisting
- implementing geolocation-based IP address blocking
- keeping the user accounts used with basic authentication to a minimum and ensuring all passwords in use meet complexity requirements
- implementing micro-segmentation in back-end infrastructure to limit lateral movement in the event of compromise
- monitoring web server logs via a SIEM to detect brute-force attacks that exploit the weakness of basic authentication
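Two defender-side checks from the sections above, written as an added example that is not part of this advisory: the first confirms a Basic Auth challenge from a response's WWW-Authenticate header (a 401 on its own is not proof), and the second flags repeated 401s per source IP in combined-format web server logs, the brute-force pattern to alert on from a SIEM. The header values, log lines, threshold and time window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def basic_auth_challenge(headers):
    """Return the realm when a response challenges with Basic Auth, else None.
    headers: (name, value) pairs as the client received them. A 401 alone is not
    proof; only a WWW-Authenticate header with the 'Basic' scheme confirms it."""
    for name, value in headers:
        if name.lower() != "www-authenticate":
            continue
        m = re.match(r'\s*Basic\b(?:.*?realm="([^"]*)")?', value, re.IGNORECASE)
        if m:
            return m.group(1) or ""
    return None

# Combined log format (Apache/nginx default): ip ident user [time] "request" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def flag_brute_force(log_lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: total 401s} for IPs with >= threshold 401s inside one window."""
    failures = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group(3) == "401":
            failures[m.group(1)].append(datetime.strptime(m.group(2), TIME_FMT))
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged
# Constructed sample data (not real traffic): a scripted client guessing six
# passwords in 30 seconds, and a user who mistyped once and then logged in.
SAMPLE_HEADERS = [("Content-Type", "text/html"),
                  ("WWW-Authenticate", 'Basic realm="Restricted Area"')]
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:%02d +0000] "GET /admin HTTP/1.1" 401 381 "-" "curl/8.1"' % s
    for s in (1, 5, 9, 14, 20, 31)
] + [
    '198.51.100.20 - - [10/Oct/2023:13:56:02 +0000] "GET /admin HTTP/1.1" 401 381 "-" "Mozilla/5.0"',
    '198.51.100.20 - alice [10/Oct/2023:13:56:10 +0000] "GET /admin HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]
```

Point flag_brute_force at a real access log and feed the flagged IPs to your SIEM alerting; a single mistyped password, as in the second client above, does not trip the threshold.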