ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted

SID: 2006402Rev: 140 views
History
Sourceet/open
CreatedJuly 30, 2010
UpdatedApril 11, 2024
Classificationpolicy-violation
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted"; flow:established,to_server; threshold:type both, count 1, seconds 300, track by_src; http.header; content:"Authorization|3a 20|Basic"; nocase; content:!"YW5vbnltb3VzOg=="; within:32; content:!"Proxy-Authorization|3a 20|Basic"; nocase; classtype:policy-violation; sid:2006402; rev:14; metadata:created_at 2010_07_30, deprecation_reason Performance, performance_impact Significant, confidence High, signature_severity Informational, updated_at 2024_04_11;)

Metadata

created at2010_07_30
deprecation reasonPerformance
performance impactSignificant
confidenceHigh
signature severityInformational
updated at2024_04_11

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!