Ensure that security schemes don't allow cleartext credentials over unencrypted channel

Error: Security scheme allows cleartext credentials over unencrypted channels
Bridgecrew Policy ID: BC_OPENAPI_3
Checkov Check ID: CKV_OPENAPI_3
Severity: HIGH

Description

Sending credentials over HTTP in cleartext exposes your API calls to man-in-the-middle attacks, among others. Ensure that you use an encrypted channel (HTTPS/TLS) when sending credentials.
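The following is an added example, not Checkov's own implementation of CKV_OPENAPI_3: a minimal checker over an OpenAPI 3 document (supplied as a Python dict, constructed for this example) that reports operations whose security requirement references a scheme carrying credentials in cleartext (HTTP basic, or an apiKey in a header, query string or cookie) while any declared server is not https. The treatment of missing or relative server URLs as unencrypted is an assumption of this example.

```python
from urllib.parse import urlparse

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def is_cleartext_scheme(scheme: dict) -> bool:
    """True when the credential itself travels in the request, so only
    transport encryption protects it: HTTP basic, or an apiKey."""
    kind = scheme.get("type")
    if kind == "http":
        return scheme.get("scheme", "").lower() == "basic"
    if kind == "apiKey":
        return scheme.get("in") in ("header", "query", "cookie")
    return False

def has_unencrypted_server(spec: dict) -> bool:
    """True if any server URL is not https:// (assumption: a missing servers
    list or a relative URL is treated as unencrypted, nothing guarantees TLS)."""
    servers = spec.get("servers") or []
    if not servers:
        return True
    return any(urlparse(s.get("url", "")).scheme != "https" for s in servers)

def check_cleartext_credentials(spec: dict) -> list:
    """Return (path, method, scheme name) triples that would fail the check."""
    if not has_unencrypted_server(spec):
        return []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    global_security = spec.get("security", [])  # operation-level security overrides it
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip 'parameters', 'summary', extensions, etc.
            for requirement in op.get("security", global_security):
                for name in requirement:
                    if is_cleartext_scheme(schemes.get(name, {})):
                        findings.append((path, method, name))
    return findings

# Constructed spec: HTTP basic over a plain-http server, the failing case.
BEFORE = {
    "openapi": "3.0.0",
    "servers": [{"url": "http://api.example.test"}],
    "components": {"securitySchemes": {
        "unencryptedScheme": {"type": "http", "scheme": "basic"}}},
    "paths": {"/": {"get": {"security": [{"unencryptedScheme": []}]}}},
}
# Same document with the server moved to https, which passes.
AFTER = dict(BEFORE, servers=[{"url": "https://api.example.test"}])
```

Running `check_cleartext_credentials(BEFORE)` yields `[('/', 'get', 'unencryptedScheme')]`, while the https variant yields `[]`.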

Fix

Ensure that no operation uses a cleartext security scheme such as unencryptedScheme. For example:

components:
  securitySchemes:
-    unencryptedScheme:
-      type: http
-      scheme: basic
+    encryptedScheme:
+      type: oauth2
paths:
  "/":
    get:
      security:
-        - unencryptedScheme: []
+        - encryptedScheme:
+            - write
+            - read
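Review bot: the replacement `encryptedScheme` in the components block is incomplete for an OpenAPI 3 `oauth2` security scheme, which requires a `flows` object declaring at least one flow with its URL(s) and a `scopes` map; the `write` and `read` scopes requested under `paths` should be declared there, otherwise a validator will reject the document. Suggest adding a `flows:` member (e.g. a `clientCredentials` flow with a placeholder `tokenUrl` and `scopes: {read: ..., write: ...}`). Also note that switching to `oauth2` does not by itself encrypt the channel, as a bearer token sent over plain http is still exposed; the `servers` URLs should use https as the Description requires.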