Exposure of HTTP authentication method passwords on the network

There are two methods of HTTP authentication: the basic or the digest method.

With basic auth, the server includes a WWW-Authenticate header with the 401 Unauthorized response.

In this case, the ID and PW are exposed in the WWW-Authenticate header.

You can bypass web admin authentication.

Furthermore, the basic authentication client sends the ID and password encoded in base64.

Anyone who has captured the parameter can decode the ID and PW and get access to the server.


5 Likes
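A defender-side check for the exposure described in the post above, as an added example that is not part of the original post: it scans captured request headers and reports Basic credentials that were sent over plain HTTP. The function names and the sample requests are constructed for illustration.

```python
import base64
import binascii


def decode_basic(header_value):
    """Return (user, password) from an Authorization header value,
    or None when the value is not a well-formed Basic credential."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # RFC 7617: the user-id ends at the first colon; the password may contain more.
    user, sep, password = text.partition(":")
    return (user, password) if sep else None


def find_exposed_basic_credentials(requests):
    """requests: iterable of (url, headers dict) taken from a capture.
    Returns one finding per Basic credential sent without TLS."""
    findings = []
    for url, headers in requests:
        auth = next((v for k, v in headers.items()
                     if k.lower() == "authorization"), None)
        creds = decode_basic(auth) if auth else None
        if creds and url.lower().startswith("http://"):
            user, password = creds
            # Report the account and password length only, not the secret itself.
            findings.append({"url": url, "user": user,
                             "password_length": len(password)})
    return findings


# Constructed sample capture (hypothetical hosts and credentials).
_TOKEN = base64.b64encode(b"admin:s3cret:pw").decode()
SAMPLE_REQUESTS = [
    ("http://intranet.example/admin", {"Authorization": "Basic " + _TOKEN}),
    ("https://intranet.example/admin", {"Authorization": "Basic " + _TOKEN}),
    ("http://intranet.example/api", {"authorization":
        'Digest username="admin", realm="example", nonce="abc", response="0123"'}),
    ("http://intranet.example/x", {"Authorization": "Basic !!!notbase64"}),
]

if __name__ == "__main__":
    for finding in find_exposed_basic_credentials(SAMPLE_REQUESTS):
        print(finding)
```

Only the first sample request is reported: the same credential over HTTPS is protected in transit, the Digest header carries no reversible password, and the malformed token is rejected.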

Great posting!!