Authentication / Cleartext Submission of Password
Description
Cleartext submission of password is a vulnerability that occurs when a password is transmitted in a non-encrypted form during authentication processes over an open network like the internet. Unencrypted data can be easily intercepted by malicious actors and used to gain access to systems and resources. According to the OWASP Testing Guide, this vulnerability should be tested as part of authentication testing.
Risk
This risk can result in unauthorized access to systems and sensitive data. As passwords are the most common form of access control, passwords that are sent in cleartext can lead to major security incidents.
Solution
The solution to this vulnerability is to ensure that passwords are always sent over a secure communication channel, such as TLS/SSL or SSH. This ensures that the passwords are encrypted and thus not exposed to attackers. Developers should also ensure that passwords are never stored in plaintext and that they are hashed before being stored in the database.