Authentication / Cleartext Submission of Password
Cleartext submission of password is a vulnerability classified under CWE-259: Use of Hard-coded Password. It occurs when a password is transmitted unencrypted during authentication over an open network such as the internet. This is a high-risk vulnerability because unencrypted data can be easily intercepted by malicious actors and used to gain access to systems and resources. According to the OWASP Testing Guide, this vulnerability should be tested as part of authentication testing.
The risk associated with this vulnerability is high because it allows attackers to easily intercept and access passwords. This can result in unauthorized access to systems and sensitive data. As passwords are the most common form of access control, passwords that are sent in cleartext can lead to major security incidents.
The solution to this vulnerability is to ensure that passwords are always sent over a secure communication channel, such as TLS/SSL or SSH. This ensures that the passwords are encrypted and thus not exposed to attackers. Developers should also ensure that passwords are never stored in plaintext and that they are hashed before being stored in the database.