An endpoint is using an alternative authentication method from the IANA Authentication Scheme Registry over HTTP.
This exposes the authentication credentials in plaintext on the network, where an attacker can capture them and use them to make unauthorized API calls.
This rule applies at the API Specification level (OAS/Swagger).
Remediation
Change the transport protocol to HTTPS. This ensures that all data in the request, including authentication credentials, is encrypted in transit.
Example Attack Scenario
How to Identify with Example Scenario
Find the text in bold to identify issues such as these in API specifications.
How to Resolve with Example Scenario
Modify the text in bold to resolve issues such as these in API specifications.
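The check and the fix described above can be run against an OpenAPI 3 document before it is published. The following is an added example, not part of the original page or the rule's own implementation. The function names, the `COMMON_SCHEMES` set (an assumed reading of "alternative"), and the sample spec are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Assumption: "alternative" means any IANA-registered HTTP scheme other than
# the two most common ones; adjust to match your scanner's definition.
COMMON_SCHEMES = {"basic", "bearer"}


def plaintext_servers(spec):
    """Return server URLs whose transport is unencrypted HTTP."""
    urls = [s.get("url", "") for s in spec.get("servers", [])]
    return [u for u in urls if urlparse(u).scheme.lower() == "http"]


def alternative_http_schemes(spec):
    """Return {name: scheme} for `type: http` security schemes not in COMMON_SCHEMES."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    return {
        name: d.get("scheme", "").lower()
        for name, d in schemes.items()
        if d.get("type") == "http" and d.get("scheme", "").lower() not in COMMON_SCHEMES
    }


def find_issues(spec):
    """List (scheme_name, auth_scheme, server_url) combinations that send credentials in cleartext."""
    servers = plaintext_servers(spec)
    return [(n, s, u) for n, s in sorted(alternative_http_schemes(spec).items()) for u in servers]


def remediate(spec):
    """Return a copy of the spec with every http:// server URL switched to https://."""
    fixed = dict(spec)
    fixed["servers"] = [
        {**s, "url": "https://" + s["url"][len("http://"):]}
        if urlparse(s.get("url", "")).scheme.lower() == "http" else s
        for s in spec.get("servers", [])
    ]
    return fixed


# Constructed sample: HOBA auth (an IANA-registered scheme) served over HTTP.
SAMPLE = {
    "openapi": "3.0.3",
    "servers": [{"url": "http://api.example.com/v1"}, {"url": "https://api.example.com/v1"}],
    "components": {"securitySchemes": {"hobaAuth": {"type": "http", "scheme": "hoba"}}},
}

if __name__ == "__main__":
    print(find_issues(SAMPLE), find_issues(remediate(SAMPLE)))
```

Relative server URLs such as `/v1` carry no scheme and are not flagged here; the transport for those is decided by wherever the specification is hosted.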