The Basic Authentication scheme uses the username and password and encrypts the password using base64 encoding. In spite of this, there are still many security holes in the Basic Authentication scheme. Although the password is stored on the server in encrypted format, it is passed from the client to the server in plain text format across the network. Hence, any attacker listening with a packet sniffer can easily read the username and password in plain text format. The username and password are passed with every request not just when the user first types them, so the packet sniffer need not listen at any particular time, but just long enough to observe any single request coming across the wire. Besides, the encryption used in the authentication is also very insecure and can be easily decoded.
What are the security holes in the Basic Authentication scheme?
September 22, 2008
0 Comments
Explore More
How to Detect a Hacker Attack
If a hacker breaks into your computer, just noses around, and makes no changes to your computer, it’s not easy to tell he’s been there. There’s no alert that says,
critical XSS Vulnerability on Yatanarpon VOIP http://voip.yatanarpon.com.mm
PlanetCreator has reported another critical XSS Vulnerability on Yatanarpon VOIP http://voip.yatanarpon.com.mm This vulnerability has been informed to :- webmaster Cross-site scripting (XSS) is a type of computer security vulnerability typically
DDoS Attack on Myanmar Takes the Country Offline
The main Internet provider for Myanmar, the southeast Asian nation formerly known as Burma, has been under severe denial of service attack since at least October 25, according to the
