Diffstat (limited to 'doc/user/application_security/dast/checks/287.2.md')
-rw-r--r-- | doc/user/application_security/dast/checks/287.2.md | 35
1 files changed, 35 insertions, 0 deletions
diff --git a/doc/user/application_security/dast/checks/287.2.md b/doc/user/application_security/dast/checks/287.2.md new file mode 100644 index 00000000000..2215b72f47a --- /dev/null +++ b/doc/user/application_security/dast/checks/287.2.md @@ -0,0 +1,35 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +--- + +# Insecure authentication over HTTP (Digest Authentication) + +## Description + +The target application was found to authenticate users using the Digest Authentication scheme over HTTP. +Digest Authentication uses an insecure hashing algorithm (MD5) to hash the username and password and sends +it in the `Authentication` header. Attackers who are in between the communication path (or on the same +local network) of the client and server could use packet sniffers to modify the server's response parameters +to downgrade the security of the digest access authentication mode. Additionally, the server stores the +hashed credentials, usually in a file called `.htpasswd`. Tools are readily available to crack these passwords. + +## Remediation + +If possible, switch to a more robust method to authenticate users such as OAuth 2.0, or storing usernames +and passwords in a data store protected by the Argon2id algorithm. If Digest Authentication must be used, +ensure credentials are only transmitted over secure channels such as HTTPS/TLS. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 287.2 | false | 287 | Passive | Low | + +## Links + +- [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html) +- [OAuth 2.0](https://oauth.net/2/) +- [CWE-287](https://cwe.mitre.org/data/definitions/287.html) +- [RFC](https://datatracker.ietf.org/doc/html/rfc2069) |
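Review bot: The Description paragraph in this hunk names the wrong header: a client sends its Digest credentials in the `Authorization` request header (the server's challenge arrives in `WWW-Authenticate`), so `sends it in the \`Authentication\` header` should read `Authorization`. In the same paragraph, `usually in a file called \`.htpasswd\`` does not match the Digest scheme: Apache-style Digest credential files are maintained with `htdigest` and are conventionally named `.htdigest`, and the stored value is the MD5 of `username:realm:password` rather than of the username and password alone, so the sentence about hashing should mention the realm. The sentence about attackers who "could use packet sniffers to modify the server's response parameters" conflates passive capture with active tampering; a sniffer only observes, and altering the challenge parameters to downgrade the exchange requires an on-path attacker, which is worth stating precisely since it is the reason the Remediation section insists on TLS. In the Links section, `- [RFC](https://datatracker.ietf.org/doc/html/rfc2069)` points at RFC 2069, which has been obsoleted (by RFC 2617 and then RFC 7616); linking RFC 7616 and labelling the entry `RFC 7616` instead of the bare `RFC` would match the other entries, which all carry descriptive titles.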