Plaintext negotiated authentication

firetail:plaintext-negotiated-authentication

Type:

Finding

Rule Severity:

Critical

An endpoint is negotiating authentication over HTTP.

This exposes the authentication credentials in plaintext on the network and can lead to attackers finding and using the credentials to make unauthorized API calls.

This rule applies at the API Specification level (OAS/Swagger).

Remediation

Change the transport protocol to HTTPS. This will ensure that all data in the request including authentication credentials are encrypted in transit.

Example Attack Scenario

Vulnerability to Eavesdropping: Since HTTP transmits data in plaintext, any information exchanged during the authentication process, including usernames, passwords, or tokens, can be intercepted by malicious actors monitoring network traffic. This vulnerability allows attackers to potentially steal authentication credentials and impersonate legitimate users.

How to Identify with Example Scenario

How to Resolve with Example Scenario

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications
References:

More findings

All Findings
AWS ALB listeners should be configured with HTTPS or TLS termination
AWS ALB has a WAF that is set to fail open
Directive overloading
AppSync field-level logging is not enabled
Plaintext unknown authentication
AWS Load Balancer missing deletion protection