My SBS 2008 server is failing on the Security Metrics scan with the following report:
Description: Web Server Uses Plain Text Authentication Forms Synopsis: The remote web server might transmit credentials in cleartext. Impact: The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users. Data Received: Page : /login.htm Destination page : Input name : AU_PASSWORD Other references : CWE:522, CWE:523, CWE:718, CWE:724 Resolution: Make sure that every sensitive form transmits content over HTTPS. Risk Factor: Medium/ CVSS2 Base Score: 4.0 AV:N/AC:H/Au:N/C:P/I:N/A:N
Can anybody help me with what I need to change to pass the PCI Scan?