0aa80c7af2
## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
8 lines
1.0 KiB
Plaintext
8 lines
1.0 KiB
Plaintext
=== What is the potential impact?
|
|
Basic authentication transmits passwords in plain text, which makes it vulnerable to interception by attackers.
|
|
|
|
==== Session hijacking and man-in-the-middle attack
|
|
If an attacker gains access to the network traffic, they can easily capture the username and password. Basic authentication does not provide any mechanism to protect against session hijacking attacks. Once a user is authenticated, the session identifier (the username and password) is sent in clear text with each subsequent request. If attackers can intercept one request, they can use it to impersonate the authenticated user, gaining unauthorized access to their account and potentially performing malicious actions.
|
|
|
|
==== Brute-force attacks
|
|
Basic authentication does not have any built-in protection against brute-force attacks. Attackers can repeatedly guess passwords until they find the correct one, especially if weak or commonly used passwords are used. This can lead to unauthorized access to user accounts and potential data breaches. |