Rules Repository / RSPEC-2647

Basic authentication should not be used

    Details

    • Message: Use a more secure method than basic authentication.
    • Default Severity: Critical
    • Impact: High
    • Likelihood: Low
    • Default Quality Profiles: Sonar way
    • Targeted languages: C#, XML
    • Covered Languages: Java
    • Remediation Function: Constant/Issue
    • Constant Cost: 2h
    • Analysis Scope: Main Sources
    • Common Rule: Yes
    • CWE: CWE-522, CWE-311
    • OWASP: A6
    • SANS Top 25: Porous Defenses

      Description

      Basic authentication's only means of obfuscation is Base64 encoding. Since Base64 encoding is easily recognized and reversed, it offers only the thinnest veil of protection to your users, and should not be used.
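
An added illustration of the description above (not part of the rule page or of SonarSource's code): a Python audit over constructed request headers that recovers the credentials from any `Authorization: Basic` value without a key or secret, and flags requests sent over plain HTTP. The function names, hosts and credentials are assumptions made for the example.

```python
import base64
import binascii

def decode_basic(value):
    """Return (user, password) if value is a well-formed Basic credential, else None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":          # scheme names are case-insensitive
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):   # malformed token: nothing to recover
        return None
    # The user-id cannot contain ':', the password can, so split on the first one.
    user, sep, password = raw.decode("utf-8", errors="replace").partition(":")
    return (user, password) if sep else None

def audit(requests):
    """Report every request that carries Basic credentials."""
    findings = []
    for url, headers in requests:
        for name, value in headers.items():
            creds = decode_basic(value) if name.lower() == "authorization" else None
            if creds is None:
                continue
            findings.append({
                "url": url,
                "user": creds[0],
                "password_length": len(creds[1]),  # report length only, never the secret
                "cleartext_transport": url.lower().startswith("http://"),
            })
    return findings

def _hdr(user, password):
    """Build the header value exactly as an HTTP client would."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample traffic; hosts and credentials are placeholders.
SAMPLE_REQUESTS = [
    ("http://intranet.example/report", {"Authorization": _hdr("alice", "s3cr3t:with:colons")}),
    ("https://api.example/v1/items", {"authorization": _hdr("bob", "hunter2").replace("Basic", "basic")}),
    ("https://api.example/v1/items", {"Authorization": "Bearer constructed-token"}),
    ("https://api.example/v1/items", {"Authorization": "Basic !!!not-base64!!!"}),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUESTS):
        print(finding)
```
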

          Issue Links

          1. XML RSPEC-5238 Language-Specification Active Unassigned
          2. Java RSPEC-5614 Language-Specification Active Unassigned
          3. Python RSPEC-5619 Language-Specification Active Unassigned

              People

              • Assignee: Unassigned
              • Reporter: ann.campbell.2 Ann Campbell