The Basic Authentication scheme takes the username and password and obscures them using base64 encoding. In spite of this, there are still many security holes in the Basic Authentication scheme. Although the password is stored on the server in encrypted format, it is passed from the client to the server in plain text format across the network. Hence, any attacker listening with a packet sniffer can easily read the username and password in plain text format. The username and password are passed with every request, not just when the user first types them, so the packet sniffer need not listen at any particular time, but just long enough to observe any single request coming across the wire. Besides, the base64 encoding used in the authentication is not real encryption: it is very insecure and can be easily decoded.
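The two weaknesses described above (credentials resent on every request, and base64 being trivially reversible) can be seen in the following added example, which is not part of the original post. The host, paths and the credentials `alice` / `s3cret:pw` are constructed sample data.

```python
import base64
import binascii

# Constructed sample: two plain-HTTP requests as they appear on the wire.
# The host, paths and credentials (alice / s3cret:pw) are made up.
CAPTURE = (
    "GET /inbox HTTP/1.1\r\n"
    "Host: mail.example.test\r\n"
    "Authorization: Basic YWxpY2U6czNjcmV0OnB3\r\n"
    "\r\n"
    "GET /inbox/42 HTTP/1.1\r\n"
    "Host: mail.example.test\r\n"
    "Authorization: Basic YWxpY2U6czNjcmV0OnB3\r\n"
    "\r\n"
)


def decode_basic(header_value):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = text.partition(":")  # only the first ':' separates
    return (user, password) if sep else None


def exposed_credentials(capture):
    """List (request_line, user, password) for each request carrying Basic auth."""
    findings = []
    for request in capture.split("\r\n\r\n"):
        lines = [line for line in request.split("\r\n") if line]
        for line in lines[1:]:  # lines[0] is the request line
            name, _, value = line.partition(":")
            if name.strip().lower() == "authorization":
                creds = decode_basic(value)
                if creds:
                    findings.append((lines[0], *creds))
    return findings


if __name__ == "__main__":
    for request_line, user, password in exposed_credentials(CAPTURE):
        print(f"{request_line!r} exposes user={user!r} password={password!r}")
```

No key or secret is involved in the decoding step, so the only real protection for these headers is to carry them inside TLS.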
What are the security holes in the Basic Authentication scheme?
September 22, 2008