Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted"; flow:established,to_server; threshold: type both, count 1, seconds 300, track by_src; http.header; content:"Authorization|3a 20|Basic"; nocase; content:!"YW5vbnltb3VzOg=="; within:32; content:!"Proxy-Authorization|3a 20|Basic"; nocase; classtype:policy-violation; sid:2006402; rev:14; metadata:created_at 2010_07_30, deprecation_reason Performance, performance_impact Significant, confidence High, signature_severity Informational, updated_at 2024_04_11;)