1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

HTTP Authentication - PCI vulnerability scan

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by arctic_ged, Jun 8, 2010.

  1. arctic_ged

    arctic_ged Guest


    I just completed a PCI vulnerability scan, which found a security vulnerability listed below. Does anyone know how I can fix this.

    TCP 80 http
    Synopsis : The remote web server seems to transmit credentials in clear text. Description : The remote web server contains web pages that are protected by 'Basic' authentication over plain text. An attacker eavesdropping the traffic might obtain logins and passwords of valid users.

    Solution: Make sure that HTTP authentication is transmitted over HTTPS. Risk Factor: Low / CVSS Base Score : 2.6 (CVSS2#AV:N/AC:H/Au:N/C:p/I:N/A:N)