Suggestions from code review

Tony Torralba
2021-07-29 13:09:31 +02:00
parent 0e7cbbfeb8
commit 023264660b
2 changed files with 3 additions and 3 deletions


@@ -2,7 +2,7 @@
<qhelp>
<overview>
<p>Basic authentication only obfuscates usernames and passwords in Base64 encoding, which can be easily recognized and reversed, thus it must not be transmitted over the cleartext HTTP channel. Transmission of sensitive information not in HTTPS is vulnerable to packet sniffing.</p>
<p>Basic authentication only obfuscates usernames and passwords in Base64 encoding, which can be easily recognized and reversed, thus it must not be transmitted over the cleartext HTTP channel. Transmitting sensitive information without using HTTPS makes the data vulnerable to packet sniffing.</p>
</overview>
<recommendation>
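Review bot: The first sentence of this overview paragraph is still a comma splice, and the "it" in "thus it must not be transmitted" reads as referring to Basic authentication rather than to the credentials. Since the paragraph is being reworded anyway, consider splitting it, for example "Basic authentication only obfuscates usernames and passwords in Base64 encoding, which can be easily recognized and reversed. The credentials must therefore not be sent over a cleartext HTTP channel." It would also help to say plainly that Base64 is an encoding and provides no confidentiality, so readers do not take "obfuscates" to mean some level of protection.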


@@ -2,8 +2,8 @@
* @name Insecure basic authentication
* @description Basic authentication only obfuscates username/password in
* Base64 encoding, which can be easily recognized and reversed.
* Transmission of sensitive information not over HTTPS is
* vulnerable to packet sniffing.
* Transmitting sensitive information without using HTTPS makes
* the data vulnerable to packet sniffing.
* @kind path-problem
* @problem.severity warning
* @precision medium
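Review bot: The reworded second sentence of @description is generic ("Transmitting sensitive information without using HTTPS") and never ties back to Basic authentication, so the description does not say what the query actually flags. Consider naming the condition directly, for example "Sending Basic authentication credentials over HTTP exposes them to packet sniffing." The description also says "username/password" where the qhelp overview says "usernames and passwords"; aligning the two keeps the query metadata and the help text consistent.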