Only if it's only accessible via proper TLS (otherwise it's easy to read the user/pass with MITM as basic auth doesn't encrypt the user/pass).
If there is no throttling/rate-limiting/banning then this setup allows for a lot of attempts, wether brute-force or dictionary.
As long as "a lot of attempts" take longer than the time it'll take the sun to expand and envelop the earth, that's not really a problem.
Every form of authentication is either subject to "a lot of attempts" or trivial DoS (for when you rate limit the login API so now admins can't log in either). The principles behind modern authentication are mostly "how do we make verification require even more attempts if the attacker doesn't know the password".
"a lot of attempts" is doing a LOT of heavy lifting here.
If your password was a set of random letters (both upper and lower case) and numbers and 20 characters long, then even if you could attempt 1,000 logins/second (a very high number for an online attack), it would take a whopping 2,232,000,000,000,000,000,000,000 years.
If you could do 1,000,000 logins/second, an absolutely absurd number for an online attack, that only takes 3 zeros off that number.
What is "a lot of attempts"? I'm no expert in cryptography, but there's many orders of magnitude difference between a distributed bruteforce of a known hash, and bruteforcing over the web.