HTML page uses cleartext form-based authentication

 When running a PCI compliance scan, failure occurs with error: 
Title: HTML page uses cleartext form-based authentication (/page.ashx?
linkguid={38C6B8A7-7221-4318-B3A8-5FA0B00202FF}) Impact: Poor
authentication practices may leave the web application vulnerable to
authentication attacks. Data Received: <input name='pin' id='pin'
type='password' style='display:none;' /> Resolution: To use HTML form-based
authentication more securely in web applications, do the following: Remove the
TCP 80 http 4.0
value attribute from the INPUT tag corresponding to the password field.
Submit all forms to an SSL-enabled (https) service using the form&#39;s
action attribute. Place all protected web directories on an SSL-enabled (https)
service. Use the autocomplete=&#34;off&#34; attribute in the INPUT tag
corresponding to the password field. Risk Factor: Medium/ CVSS2 Base
Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
 In order to resolve this error:

1. Enable SSL on all pages
2. Make sure that external links to third party sites are using https://  (Facebook, Twitter, etc)
3. Enable Single Sign On, and verify that FAWeb and NetClassroom URLs are https://  in the Education tab located in Administration > Sites and Settings
4. Verify that the link to NetClassroom/FAWeb is https://

Once all of these are in place, run the PCI scan again.

How to troubleshoot failures of PCI scan reports

Environment

 6.51 patch 18

Was this article helpful?


Thanks for your feedback! Did this solve your issue?

Comments (optional):


Thanks for your feedback!
We're glad it was helpful but sorry it didn’t solve your issue. If you need assistance, click Chat with Support below.
We’re sorry to hear that. Please tell us why.

 I don't like how this works.

 The answer is confusing.

 The answer didn't match what I was searching for.

Additional Comments (optional):


Thanks for your feedback! If you need assistance, click Chat with Support below.
Thanks for your feedback. Help us make our products even better by sharing details in our Idea Banks or our online Community.
Thanks for letting us know. We'll work on clarifying the information in the article. If you need assistance, click Chat with Support below.
Thanks for letting us know. We'll work on updating the search engine to return more relevant results.