Weak obfuscation of web request High

Weak obfuscation while configuring a web request is vulnerable to unauthorized access. Using stronger obfuscation significantly reduces the chances of attacks due to unauthorized access.

Detector ID
Common Weakness Enumeration (CWE) external icon

Noncompliant example

1public void httpAuthenticationNoncompliant(final URL url, final String password) throws URISyntaxException {
2    final String encoding = Base64.getEncoder().encode(password.getBytes()).toString();
3    HttpPost httppost = new HttpPost(url.toURI());
4    // Noncompliant: uses HTTP Basic Authentication.
5    httppost.setHeader("Authorization", "Basic " + encoding);