Hi, we have installed tomcat 7.0.94 on windows 2016 and no SSL enabled. But while qualys scan we found the below vulnerability. can you guide how can we fix it.
1) QID : 86763 - Web Server Uses Plain Text Basic Authentication Impact : Using Readable Clear Text can help eavesdropping and thereby compromise confidentiality. An attacker can successfully exploit this issue when the 401 error is returned when authentication is required. Also, an attacker can find out that the Basic Authentication scheme is used using the WWW-authenticate header. I can see requests are redirecting to 8443 from server.xml <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> let me know if you have any suggestions. Thanks Ram