Signature
alert tcp any any -> any 80 ( msg:"Basic Auth Base64 HTTP Password detected unencrypted"; flow:established,to_server;content:"|0d 0a|Authorization|3a 20|Basic"; nocase;content:!"YW5vbnltb3VzOg=="; within:32; classtype:misc-activity; rev:1; sid:4000130;)
Recommendations/Investigative actions
Consider implementing HTTPS (HTTP over SSL/TLS) instead of HTTP for secure communication. HTTPS encrypts the communication between the client and server, ensuring that sensitive information, such as passwords, is encrypted and not transmitted in clear text. Authorize the Link. If the link was approved in terms of the IP addresses and ports - archive and baseline the rule. If not - check the connection and investigate the relevant IP address, check if the IP address is new on the network and if there are additional alerts related to this IP address.
Relations to other alerts