/alerttags/wstg-v42-athn-01/ Recent content in WSTG-V42-ATHN-01 on ZAP Hugo en-us /docs/alerts/10105-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10105-1/ <p>An insecure authentication mechanism is in use. This allows an attacker on the network access to the userid and password of the authenticated user. For Basic Authentication, the attacker must merely monitor the network traffic until a Basic Authentication request is received, and then base64 decode the username and password. For Digest Authentication, the attacker has access to the username, and possibly also the password, if the hash (including a nonce) can be successfully cracked, or if a Man-In-The-Middle attack is mounted. The attacker eavesdrops on the network until an authentication has completed.</p> /docs/alerts/10105-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10105-2/ <p>HTTP basic or digest authentication has been used over an unsecured connection. The credentials can be read and then reused by someone with access to the network.</p>