Cleartext authentication


This check looks for cleartext authentication such as HTTP Basic auth with no-TLS.


Authentication credentials are transported via unencrypted channel (HTTP). This exposes the transmitted credentials to any attacker who can monitor (sniff) the network traffic during transmission. Sensitive information such as credentials should always be transmitted via encrypted channels such as HTTPS.