Skip to content

Commit 0e7cbbf

Browse files
mchammer01atorralba
mchammer01
authored and
atorralba
committed
Update InsecureBasicAuth.qhelp
1 parent e58b90e commit 0e7cbbf

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.qhelp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
<qhelp>
33

44
<overview>
5-
<p>Basic authentication only obfuscates username/password in Base64 encoding, which can be easily recognized and reversed, thus it must not be transmitted over the cleartext HTTP channel. Transmission of sensitive information not in HTTPS is vulnerable to packet sniffing.</p>
5+
<p>Basic authentication only obfuscates usernames and passwords in Base64 encoding, which can be easily recognized and reversed, thus it must not be transmitted over the cleartext HTTP channel. Transmission of sensitive information not in HTTPS is vulnerable to packet sniffing.</p>
66
</overview>
77

88
<recommendation>

0 commit comments

Comments
 (0)