This exposes the authentication credentials in plaintext on the network and can lead to attackers finding and using the credentials to make unauthorized API calls.
This rule applies at the API Specification level (OAS/Swagger).
Vulnerability to Eavesdropping: Since HTTP transmits data in plaintext, any information exchanged during the authentication process, including usernames, passwords, or tokens, can be intercepted by malicious actors monitoring network traffic. This vulnerability allows attackers to potentially steal authentication credentials and impersonate legitimate users.
