Basic Auth Credentials

Bridgecrew Policy ID: BC_GIT_4
Severity: LOW

Basic Auth Credentials


Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username:password. Leaked usernames and password can be used by attackers to attempt to authenticate to existing accounts and steal information they hold.

Fix - Buildtime

Multiple Services

Step 1: Revoke the exposed secret.

Step 2: Clean the git history.
Go under the settings section of your GitHub project and chose the change visibility button at the bottom.

Step 3: Inspect your application's access logs to ensure the key was not utilized during the compromised period.