Jump to content

jfroot

Members
  • Posts

    1
  • Joined

  • Last visited

Everything posted by jfroot

  1. Our security systems within our network notified us that all of our recently installed ESET clients are requesting AV updates using http with Basic authentication. "ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted" To: um21.eset.com As basic authentication in HTTP is not-encrypted, it is trivial for anyone to intercept these requests and extract our username and password using any Base64 decoder. If you insist on using http over https, please utilize a more robust password hashing mechanism.
×
×
  • Create New...