Authentication / Cleartext Submission of Password

Description

Cleartext submission of password is a vulnerability that occurs when a password is transmitted in a non-encrypted form during authentication processes over an open network like the internet. Unencrypted data can be easily intercepted by malicious actors and used to gain access to systems and resources. According to the OWASP Testing Guide, this vulnerability should be tested as part of authentication testing.

Risk

This risk can result in unauthorized access to systems and sensitive data. As passwords are the most common form of access control, passwords that are sent in cleartext can lead to major security incidents.

Solution

The solution to this vulnerability is to ensure that passwords are always sent over a secure communication channel, such as TLS/SSL or SSH. This ensures that the passwords are encrypted and thus not exposed to attackers. Developers should also ensure that passwords are never stored in plaintext and that they are hashed before being stored in the database.