Weak obfuscation of web request (Severity: High)

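Configuring a web request with weakly obfuscated credentials, such as the Base64 encoding used by HTTP Basic Authentication, leaves it vulnerable to unauthorized access, because the encoding can be reversed without any key. Using stronger obfuscation significantly reduces the chances of attacks due to unauthorized access.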

Noncompliant example

def http_request_noncompliant(username, password, url):
    import urllib3 as urllib3
    from base64 import b64encode
    userpass = "%s:%s" % (username, password)
    # Noncompliant: weak encoding used in HTTP Basic Authentication.
    authorization = b64encode(str.encode(userpass)).decode("utf-8")
    headers = {'Authorization': 'Basic %s' % authorization}
    urllib3.disable_warnings()
    http = urllib3.PoolManager()
    response = http.request('GET', url, headers=headers)
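
The following is an added example, not code from this page or from the detector's authors. It first shows that the Basic header built above decodes back to the username and password without a key, then swaps in a different technique: an HMAC-SHA256 request signature sent only to HTTPS URLs, so the secret never travels in the request. The header names (X-Key-Id, X-Timestamp, X-Signature), the signing format and the sample values are assumptions made for illustration, and the server must implement the same scheme.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit


def recover_basic_credentials(header_value):
    """Show why Basic auth is weak: Base64 reverses without any key."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    username, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return username, password


def _signature(secret, method, url, timestamp):
    # Sign the method, host, path, query and timestamp with the shared secret.
    parts = urlsplit(url)
    fields = [method.upper(), parts.netloc, parts.path or "/", parts.query, str(timestamp)]
    return hmac.new(secret, "\n".join(fields).encode("utf-8"), hashlib.sha256).hexdigest()


def signed_headers(key_id, secret, method, url, timestamp):
    """Build headers that prove knowledge of the secret without sending it."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    # Hypothetical header names; assumed to match the server's verifier below.
    return {
        "X-Key-Id": key_id,
        "X-Timestamp": str(timestamp),
        "X-Signature": _signature(secret, method, url, timestamp),
    }


def verify_signed_headers(headers, secret, method, url, now, max_skew=300):
    """Server-side check: bound the timestamp age, then compare in constant time."""
    timestamp = int(headers["X-Timestamp"])
    if abs(now - timestamp) > max_skew:
        return False
    expected = _signature(secret, method, url, timestamp)
    return hmac.compare_digest(expected, headers["X-Signature"])


# Constructed sample values, not real credentials.
SAMPLE_BASIC = "Basic " + base64.b64encode(b"alice:s3cret").decode("ascii")
SAMPLE_SECRET = b"constructed-shared-secret"
```

When sending the request with urllib3, leave certificate verification and its warnings enabled so the HTTPS check above is meaningful.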