HTTP Basic Authorization Password is Guessable

Vulnerability Description

Brief description: The password used to gain access to protected areas of a web server is guessable.

Full description: The password used to gain access to protected areas of a web server is guessable. A more complicated password should be chosen.

Components: web server authenticating remote users with passwords

Systems: any

Effect(s) of exploiting: An attacker who guesses the password is identified as the legitimate user, so the web server could perform actions based upon an erroneous identification.

Detecting the hole:

Fixing the hole:

    1. Choose a longer and/or more complicated password. Use numbers, mix upper- and lower-case letters, and include special characters such as $^*%@.

Other information: This is not a problem with the program. It is a problem with password selection.

Keywords

httpd authentication

Cataloguing

Exploit Information

Attack:

Related Information

Advisories:

Related Vulnerabilities:

Reportage

Reporting: in ( )

Revision Number 1

  1. Patrick LeBlanc (7/3/2000):