Versions (4)
Version DetailsCurrent
Rev: 17 • Jul 30, 2010, 12:00 PMET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted
alert http $HOME_NET any -> any any (msg:"ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted"; flow:established,to_server; threshold: type both, count 1, seconds 300, track by_src; http.header; content:"Authorization|3a 20|Basic"; nocase; content:!"YW5vbnltb3VzOg=="; within:32; content:!"Proxy-Authorization|3a 20|Basic"; nocase; content:!"KG51bGwpOihudWxsKQ=="; classtype:policy-violation; sid:2006380; rev:17; metadata:created_at 2010_07_30, performance_impact Significant, confidence Medium, signature_severity Informational, updated_at 2024_08_07;)
Jul 30, 2010, 12:00 PM
Aug 7, 2024, 12:00 PM
Jul 30, 2010, 12:00 PM
Sep 19, 2024, 11:00 PM
rules/emerging-policy.rules