Tell me, what additional threats do not allow using something like primitive CRAM-MD5 (quickly, everything is on the client and on the server)?

I understand correctly that you want to improve the security of the system without changing anything in the authentication / authorization mechanism? Then, apart from using SSL encryption of the channel, you can not advise anything.

Joining HTTPS.

Read about authentication with salt habrahabr.ru/post/121021/

Use HTTPS + authentication with SRP-6, as suggested by colleagues above.
1. Properly configured HTTPS will provide reasonable security for the communication channel (if users are minimally conscious).
2. SRP-6 does not allow intercepted data to be reused and does not allow guessing the original password based on them.
Even if an attacker bypasses SSL, for example, gains access to the private key from your server certificate, or from a higher one in the certificate chain, up to the root ones, and conducts a MITM attack using a fake SSL certificate that is legitimate from the point of view of the client browser, then the intercepted the attacker will still not have enough information to authenticate instead of the user.
Instead of SRP-6, you can use weaker standards like htdigest (HTTP digest authentication, rfc2617, is available in Apache out of the box, however, in the simplest use case, it will look like an ugly standard pop-up window to the client in the browser).

Login , password and one time password totp, based on Google Authenticator