I have a server on which Apache Tomcat 6.0.16 is installed and there are no web applications running.
But I have an axis2.war which is hosting a few web services. Now, after performing a Qualys security vulnerability check, it gave me the following result:
Service name: Web server
Vulnerability description: Web Server Uses Plain-Text Form Based Authentication
Severity (scale of 1-5, 5 is highest): 3
I have searched for this error and what I gather is that this error happens for websites that request web pages from a web server and the form of authentication used is plain-text based. But my doubt is, we do not have any web apps running on the server, so which authentication is it asking for? Or is it related to axis2.war?
Any suggestions would be of great help.
Knowledge article, Sep 13, 2022: The web server uses plain-text form-based authentication. A web page exists on the target host which uses an HTML login form. This data is sent from the client to the server in plain text.
Form-based authentication is not particularly secure. In form-based authentication, the content of the user dialog box is sent as plain text, and the target server is not authenticated. This form of authentication can expose your user names and passwords unless all connections are over SSL.
Form-based authentication allows the developer to control the look and feel of the login authentication screens by customizing the login screen and error pages that an HTTP browser presents to the end user. When form-based authentication is declared, the following actions occur.
Basically it is saying that you are transmitting data over an unencrypted port such as port 80. Disable port 80 and enable port 443, and that should fix your problem.