Luis Gonzalez
Reputation: 21
APPSACAN: Authentication.Credentials.Unprotected
I did a scan with the APPSCAN to an application, and the report says there's a vulnerability called:"Authentication. Credentials. Unprotected" and it's in that method:
public string CrearSeguimientoCertificador(string UsuarioServicio, string ContrasenaServicio, long Idproceso, string IdCertificador, string Observaciones, int ResultadoExamen, string CategoriaFinal)
{
string resultado = null;
ServicioTransaccionalClient svc = new ServicioTransaccionalClient();
try
{
svc.ClientCredentials.UserName.UserName = UsuarioServicio;
svc.ClientCredentials.UserName.Password = ContrasenaServicio;
resultado = svc.CrearSeguimientoCertificador(Idproceso, IdCertificador, Observaciones, ResultadoExamen, CategoriaFinal, "");
svc.Close();
return resultado;
}
catch (Exception ex)
{
if (svc != null)
svc.Abort();
throw ex;
}
}
This is because I'm sending web service credentials without protection or encryption, but I don't know how to fix this. Could somebody point me out in which direction to go in order to solve this problem?
Upvotes: 2
Views: 577
Answers (0)
Related Questions
- Appscan Validation.Required issue in java
- Authentication fails with "Unprotect ticket failed" for Asp.Net Core WebApi
- Microsoft.InformationProtection.Exceptions.AccessDeniedException: The service didn't accept the auth token
- How to provide credentials for calling Key Protect service within Bluemix application?
- Bluemix sample app fails with "Failed to authenticate against MCA"
- Bluemix: Can I scan a Java ReST API using Application Security on Cloud
- Appscan Issues: Authentication.Credentials.Unprotected
- IBM Bluemix NoAppDetectedError when uploading application
- Bluemix Mobile Application Security - User Authentication
- How to authenticate users accesing my bluemix app?