I have a Domino web server that I’m having trouble with an audit finding for. The finding says that “An attacker can successfully exploit this issue when the 401 error is returned when authentication is required. Also, an attacker can find out that the Basic Authentication scheme is used using the WWW-authenticate header.”
I tried converting to forms based authentication and it actually did worse on the audit because I don’t have a way to encrypt the traffic. I’ve already customized the error pages on that server, and I’m not sure what else to do in order to improve its results while still using basic authentication. Any ideas?