SYM_CONF_0030 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Authentication
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-287: Improper Authentication |
OWASP | A04:2021 Insecure Design |
Confidence Level | High |
Impact Level | High |
Likelihood Level | Medium |
Description
The API uses HTTP Basic Authentication, which sends user credentials in an easily decodable (Base64-encoded) format and has no protection of its own against interception or replay. This approach is outdated and exposes sensitive information if intercepted.
Impact
Attackers could capture or reuse credentials through network sniffing or replay attacks, leading to unauthorized access to user accounts or system resources. This can result in data breaches, account compromise, and significant risk to both users and the organization.
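The following added example (not part of the original wiki entry or the project's own code) shows what "easily decodable" means in practice from the defender's side: an audit that parses `Authorization` headers from request records, recovers the username with nothing more than Base64 decoding, and flags credentials sent over plain HTTP. The record layout, function names, host and sample requests are assumptions constructed for illustration; the first token is the example credential from RFC 7617.

```python
import base64
import binascii


def parse_basic(header_value):
    """Return (user, password) from a Basic Authorization value, else None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        # No key or secret is needed: the token is only Base64-encoded.
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # malformed token, not a usable credential
    user, sep, password = raw.decode("utf-8", errors="replace").partition(":")
    # The first colon separates the fields; the password may contain colons.
    return (user, password) if sep else None


def audit(requests):
    """Flag requests carrying Basic credentials; report password length only."""
    findings = []
    for req in requests:
        creds = parse_basic(req["headers"].get("Authorization", ""))
        if creds is None:
            continue
        findings.append({
            "url": req["url"],
            "user": creds[0],
            "password_len": len(creds[1]),
            "cleartext_transport": req["url"].lower().startswith("http://"),
        })
    return findings


# Constructed sample records (hypothetical host and layout).
SAMPLE = [
    {"url": "http://api.example.test/v1/users",
     "headers": {"Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="}},
    {"url": "https://api.example.test/v1/users",
     "headers": {"Authorization": "Basic " + base64.b64encode(b"svc:p:w").decode()}},
    {"url": "https://api.example.test/v1/items",
     "headers": {"Authorization": "Bearer abc.def.ghi"}},
    {"url": "https://api.example.test/v1/items",
     "headers": {"Authorization": "Basic not-base64!"}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```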