Plaintext digest authentication

firetail:plaintext-digest-authentication

Type:

Finding

Rule Severity:

Critical

An endpoint is using the Digest Authentication security mechanism over HTTP.

This exposes the authentication credentials in plaintext on the network and can lead to attackers finding and using the credentials to make unauthorized API calls.

This rule applies at the API Specification level (OAS/Swagger).

Remediation

Change the transport protocol to HTTPS. This will ensure that all data in the request including authentication credentials are encrypted in transit.

Example Attack Scenario

Vulnerability to Eavesdropping: Since HTTP transmits data in plaintext, any information exchanged during the authentication process, including usernames, passwords, or tokens, can be intercepted by malicious actors monitoring network traffic. This vulnerability allows attackers to potentially steal authentication credentials and impersonate legitimate users.

How to Identify with Example Scenario

How to Resolve with Example Scenario

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications
References:

More findings

All Findings