Skip to main content
Version: Next

Weak Authentication Method

Weak Authentication Method

What is it?

The API is using HTTP basic or digest authentication over an unsecured (plain text) connection. The credentials can be read and then reused by someone with access to the network.

References

Test case FAQs

When is this test case applicable?

This is applicable for all API endpoints when the Baseline security category is enabled in test plans.

How does it work?

Requests sent for the API are analyzed for the presence of HTTP basic or digest authentication over plain text (non TLS) connections.

What is the solution?

Protect the connection using HTTPS or use a stronger authentication mechanism such as Bearer authentication.