Well even my 2.3 site has this, perhaps if you updated the core before (say it was an earlier version) maybe the BasicAuth file didn't get updated.
The function which should be in BasicAuth.php looks like...
/**
* Call {@link BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site()} has been called.
* This is a helper function used by Controller.
*/
static function protect_site_if_necessary() {
if(self::$entire_site_protected) {
self::requireLogin("SilverStripe test website. Use your CMS login.", "ADMIN");
}
}
You could try (if your missing it) just putting that in the BasicAuth.php file. Also note the 2.3 branch is up to 2.3.7 so your 4 versions behind the latest security updates so if you are worried about it, your site could be compromised.