Ensure that security schemes don't allow cleartext credentials over unencrypted channel
Error: Security scheme allows cleartext credentials over unencrypted channels
Bridgecrew Policy ID: BC_OPENAPI_3
Checkov Check ID: CKV_OPENAPI_3
Severity: HIGH
Security scheme allows cleartext credentials over unencrypted channels
Description
Sending credentials over HTTP in cleartext exposes your API calls to man-in-the-middle attacks and to credential theft by anyone who can observe the traffic. An HTTP `basic` security scheme, for example, carries only `base64(user:password)` in every request, so it is safe only if the request never leaves a TLS-protected channel. Ensure that credentials are sent exclusively over an encrypted channel (`https://` servers), and prefer a scheme that does not place a long-lived secret in each request.
Fix - Buildtime
OpenAPI
Remove or replace the cleartext scheme (`unencryptedScheme` in the example below, an HTTP `basic` scheme) and make each operation's `security` requirement reference the replacement instead, so no operation can still fall back to the cleartext one. For example:
components:
securitySchemes:
- unencryptedScheme:
- type: http
- scheme: basic
+ encryptedScheme:
+ type: oauth2
paths:
"/":
get:
security:
- - unencryptedScheme: []
+ - encryptedScheme:
+ - write
+ - read
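Review bot: the replacement scheme in the `components.securitySchemes` part of this hunk is incomplete: `+ type: oauth2` has no `flows` object, which the OpenAPI 3 specification requires for every `oauth2` scheme, and the `write` and `read` scopes that the `security` part of the hunk references are never declared, so the "fixed" document would fail validation. Add a flow with its scopes, e.g. `flows:` / `clientCredentials:` / `tokenUrl: https://…` followed by `scopes:` listing `read` and `write`. Note also that the rendered hunk has lost its YAML indentation and cannot be applied as shown; the reader has to re-indent `securitySchemes` under `components` and `security` under `get`.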
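The intent of the check and of the fix above, as an added example that is not Checkov's or Bridgecrew's implementation of CKV_OPENAPI_3: a small checker that flags security schemes carrying a reusable credential in cleartext at the HTTP layer (OpenAPI 3 `http`/`basic`, OpenAPI 2 `basic`) when the document does not restrict transport to `https`, lists the operations that use them, and verifies that an `oauth2` replacement declares the `flows` object the specification requires. The two documents are the page's before/after written as JSON (which OpenAPI accepts alongside YAML); the server URLs, token URL, `read`/`write` scope descriptions and the exact flagging rule are assumptions, since Checkov's own rule may differ.

```python
# Added example, not Checkov's or Bridgecrew's code for CKV_OPENAPI_3.
# Assumed rule: a scheme is "cleartext" if it is OpenAPI 3 `http`/`basic`
# or OpenAPI 2 `basic`; it is a finding unless every server is https-only.
# All URLs, the token endpoint and scope descriptions are constructed values.
import json

# Constructed "before" document: the page's unencryptedScheme plus a plain-http
# server, so the Basic credential really would cross the wire in cleartext.
BEFORE = json.loads("""
{
  "openapi": "3.0.0",
  "info": {"title": "demo", "version": "1"},
  "servers": [{"url": "http://api.example.test"}],
  "components": {"securitySchemes": {
    "unencryptedScheme": {"type": "http", "scheme": "basic"}}},
  "paths": {"/": {"get": {
    "security": [{"unencryptedScheme": []}],
    "responses": {"200": {"description": "ok"}}}}}
}
""")

# Constructed "after" document: oauth2 with the `flows` object that OpenAPI 3
# requires, the `read`/`write` scopes declared, and an https-only server.
AFTER = json.loads("""
{
  "openapi": "3.0.0",
  "info": {"title": "demo", "version": "1"},
  "servers": [{"url": "https://api.example.test"}],
  "components": {"securitySchemes": {
    "encryptedScheme": {
      "type": "oauth2",
      "flows": {"clientCredentials": {
        "tokenUrl": "https://auth.example.test/token",
        "scopes": {"read": "read access", "write": "write access"}}}}}},
  "paths": {"/": {"get": {
    "security": [{"encryptedScheme": ["write", "read"]}],
    "responses": {"200": {"description": "ok"}}}}}
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def security_schemes(spec):
    """Security scheme definitions for an OpenAPI 2 or OpenAPI 3 document."""
    if "swagger" in spec:
        return spec.get("securityDefinitions") or {}
    return (spec.get("components") or {}).get("securitySchemes") or {}


def cleartext_schemes(spec):
    """Names of schemes whose credential is readable on the path unless TLS
    protects it: HTTP Basic is only base64(user:password) in a header."""
    flagged = []
    for name, scheme in security_schemes(spec).items():
        kind = scheme.get("type")
        if "swagger" in spec:
            if kind == "basic":
                flagged.append(name)
        elif kind == "http" and str(scheme.get("scheme", "")).lower() == "basic":
            flagged.append(name)
    return sorted(flagged)


def servers_all_https(spec):
    """True only when every declared transport is https. No declared servers
    (or schemes) means the transport is unknown, which is treated as unsafe."""
    if "swagger" in spec:
        schemes = spec.get("schemes") or []
        return bool(schemes) and all(s == "https" for s in schemes)
    urls = [s.get("url", "") for s in spec.get("servers") or []]
    return bool(urls) and all(u.lower().startswith("https://") for u in urls)


def oauth2_missing_flows(spec):
    """OpenAPI 3 oauth2 schemes that omit the mandatory `flows` object."""
    if "swagger" in spec:
        return []
    return sorted(n for n, s in security_schemes(spec).items()
                  if s.get("type") == "oauth2" and not s.get("flows"))


def exposed_operations(spec):
    """'METHOD /path' of operations whose effective security requirement uses
    a cleartext scheme while transport is not https-only. An operation with
    no `security` of its own inherits the document-level default."""
    bad = set(cleartext_schemes(spec))
    if not bad or servers_all_https(spec):
        return []
    default = spec.get("security") or []
    hits = []
    for path, item in (spec.get("paths") or {}).items():
        for method, op in (item or {}).items():
            if method not in HTTP_METHODS:
                continue
            if any(n in bad for req in op.get("security", default) for n in req):
                hits.append(f"{method.upper()} {path}")
    return sorted(hits)


def check(spec):
    """Findings as strings; an empty list means the document passes."""
    findings = []
    if not servers_all_https(spec):
        findings += [f"{n}: cleartext credential scheme on non-https transport"
                     for n in cleartext_schemes(spec)]
    findings += [f"{op}: operation sends cleartext credentials"
                 for op in exposed_operations(spec)]
    findings += [f"{n}: oauth2 scheme without flows" for n in oauth2_missing_flows(spec)]
    return findings


if __name__ == "__main__":
    for label, spec in (("before", BEFORE), ("after", AFTER)):
        print(label, check(spec) or "OK")
```

Running the block prints two findings for the "before" document (the scheme itself and `GET /`) and `OK` for the "after" document. The transport test is deliberately strict: a document that declares no `servers` at all is treated as unknown transport and still flagged, because nothing in the document guarantees that a client will pick `https`.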