
We have got a 'Web Server Uses Plain Text Basic Authentication' vulnerability in our Tomcat application during our server scan. We have tried enabling SSL (generating an SSL certificate, making changes in server.xml and restarting Tomcat), but this is still not solving our issue. Is there any solution to fix this vulnerability?

Thanks in Advance!

Devika

1 Answer


Sure, it's quite simple. You have two options:

  1. Do not accept connections on port 80.
  2. Accept connections on port 80, but immediately redirect them to https on port 443.

How this gets implemented in tomcat is left for you to sort out.

EEAA
  • clarify: accept connections on port 80 on a separate vhost/site that only does a 301 to https and does not expose your app. – Jacob Evans Feb 08 '17 at 06:19
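The two options above, and the comment's redirect-only listener, translate into two Tomcat files. The fragments below are an added example, not configuration from the question or from EEAA's answer; Tomcat's default ports (8080/8443 instead of 80/443), the keystore path and password, and the role name are assumptions and must be replaced with your own values. The finding persists after adding an HTTPS connector because the HTTP connector still accepts the request and Tomcat still issues the BASIC challenge over it; the `transport-guarantee` of `CONFIDENTIAL` is what makes Tomcat redirect to the `redirectPort` before any challenge is sent.

```xml
<!-- conf/server.xml (excerpt) -->

<!-- BEFORE (the configuration that keeps the scanner finding alive):
     a plain HTTP connector with no redirectPort. Credentials for a
     BASIC challenge answered on this connector cross the wire in
     cleartext, regardless of whether an HTTPS connector also exists.

     <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
-->

<!-- Option 1: delete the HTTP connector altogether, so TLS is the only
     way in. Nothing else is needed in server.xml for that option. -->

<!-- Option 2: keep HTTP, but tell Tomcat where to send clients that ask
     for a CONFIDENTIAL resource over plain HTTP. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- The TLS connector the redirect points at (Tomcat 8.5+ syntax).
     Keystore path and password are placeholders. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                     certificateKeystorePassword="changeit"
                     type="RSA" />
    </SSLHostConfig>
</Connector>


<!-- WEB-INF/web.xml of the application (excerpt) -->

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Whole application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- assumed role name -->
    <role-name>user</role-name>
  </auth-constraint>
  <!-- This element is what fixes the finding: a request arriving over
       plain HTTP is redirected to https://host:8443/... BEFORE the
       401 BASIC challenge is issued, so the challenge and the
       Authorization header only ever travel inside TLS. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Protected Area</realm-name>
</login-config>

<!-- Optional hardening (Tomcat 8 and later): send an HSTS header so
     browsers that have seen the site once go straight to https and
     never make the plaintext first request at all. -->
<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <init-param>
    <param-name>hstsEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>hstsMaxAgeSeconds</param-name>
    <param-value>31536000</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>httpHeaderSecurity</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>
```

To check the result, request a protected path over plain HTTP (for example with `curl -I http://host:8080/app/`): with option 2 you should get a 302 whose `Location` is the `https://` URL and no `WWW-Authenticate` header; with option 1 the connection is refused. Option 2 still leaves one gap the redirect cannot close: a client that sends `Authorization` pre-emptively on its very first plain-HTTP request leaks the credentials before Tomcat can redirect it, which is why option 1 (or HSTS for browser clients) is the stronger choice, and why some scanners keep reporting the finding as long as anything is listening on the HTTP port.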