The Basic Authentication scheme uses the username and password and encrypts the password using base64 encoding. In spite of this, there are still many security holes in the Basic Authentication scheme. Although the password is stored on the server in encrypted format, it is passed from the client to the server in plain text format across the network. Hence, any attacker listening with a packet sniffer can easily read the username and password in plain text format. The username and password are passed with every request not just when the user first types them, so the packet sniffer need not listen at any particular time, but just long enough to observe any single request coming across the wire. Besides, the encryption used in the authentication is also very insecure and can be easily decoded.
What are the security holes in the Basic Authentication scheme?
September 22, 2008
0 Comments
Explore More
Critical xss vulnerabilities at classified listings site Ads.com.mm
PlanetCreator has reported another critical XSS Vulnerability on classified listings site Ads.com.mm Cross Site Scripting is a client-side attack where an attacker can craft a malicious link, containing script- code
What is NetBIOS?
NetBIOS is a Microsoft service that enables applications on different computers to communicate within a LAN. NetBIOS systems identify themselves with a 15-character unique name and use Server Message Block,
[FUD] Simple command-line binder
First of all, why a command-line binder? Automation. Instead of sitting there binding individual, or even groups of files yourself, you can easily automate the binding process by using a