What are the security holes in the Basic Authentication scheme?
September 22, 2008

The Basic Authentication scheme takes the username and password and obscures them with base64 encoding, which is not encryption. Consequently, the Basic Authentication scheme has several security holes. Although the password is stored on the server in encrypted format, it is passed from the client to the server in what is effectively plain text, because base64 is trivially reversible. Hence, any attacker listening with a packet sniffer can easily recover the username and password. The credentials are sent with every request, not just when the user first types them, so the sniffer need not listen at any particular time; it only has to observe a single request crossing the wire. Besides, the "encryption" used by the scheme is merely base64 encoding and can be decoded trivially.
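The following is an added example, not part of the original post: it audits constructed HTTP request captures for Basic credentials sent in the clear, reverses the base64 step described above, and reports the exposed account while deliberately not recording the password itself. The request text and credentials are made up for this example.

```python
import base64
import binascii

# Constructed sample of requests as they would appear on the wire over plain
# HTTP (no TLS). The account "alice" and its password are invented for this
# example; the third request uses a different scheme, the fourth a bad token.
SAMPLE_REQUESTS = [
    "GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
    "Authorization: Basic YWxpY2U6cyNjcjN0\r\n\r\n",
    "GET /public HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "GET /api HTTP/1.1\r\nHost: intranet.example\r\n"
    "Authorization: Bearer abc.def.ghi\r\n\r\n",
    "GET /x HTTP/1.1\r\nHost: intranet.example\r\n"
    "Authorization: Basic !!notbase64!!\r\n\r\n",
]


def decode_basic(header_value):
    """Reverse the base64 'encryption' of a Basic credential.

    Returns (user, password) or None when the header is not a well-formed
    Basic credential (other scheme, invalid base64, missing ':' separator).
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    if not sep:
        return None
    return user, password


def find_exposed_credentials(requests):
    """Return one finding per request that carries a decodable Basic credential.

    Only the username and the password length are kept, so the audit report
    does not itself become a second copy of the leaked secret.
    """
    findings = []
    for req in requests:
        head = req.partition("\r\n\r\n")[0]
        lines = head.split("\r\n")
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() != "authorization":
                continue
            creds = decode_basic(value)
            if creds is not None:
                user, password = creds
                findings.append({"request": lines[0], "user": user,
                                 "password_len": len(password)})
    return findings
```

Because the credential rides on every request, a single captured request is enough for the audit to fire; the same check run over a real capture confirms whether a service is exposing logins without TLS.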