Basic Auth Credentials
Description
Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username:password. Leaked usernames and password can be used by attackers to attempt to authenticate to existing accounts and steal information they hold.
Remediation
Multiple Services
. Revoke the exposed secret.
. Clean the git history. + Go under the settings section of your GitHub project and chose the change visibility button at the bottom.
. Inspect your application's access logs to ensure the key was not utilized during the compromised period.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1303 |
| Severity | MEDIUM |
| IaC Type | secrets |
| Frameworks | Git |
| Checkov ID | CKV_SECRET_4 |