Authentication removed

firetail:authenticated-endpoint-removed

Type: Finding

Rule Severity: Critical

An endpoint that previously required authentication has been changed to no longer require authentication.

This rule applies at the API Specification level (OAS/Swagger).

Remediation

Verify that the change was intentional and correct, or add back the authentication requirement to the endpoint.

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications
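One way to surface this change when comparing two versions of a specification, as an added example that is not FireTail's own rule logic. The function names and the sample specs are constructed for illustration, and treating an optional requirement (`{}`) as removed authentication is an assumption of this example.

```python
# Added example: flag operations whose effective auth requirement was dropped
# between two versions of an OpenAPI/Swagger document (parsed into dicts).
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def requires_auth(spec, operation):
    # Operation-level `security` overrides the top-level one, even when it is [].
    reqs = operation.get("security", spec.get("security", []))
    # Assumption: an empty requirement object {} makes auth optional, so the
    # operation only counts as authenticated if every alternative names a scheme.
    return bool(reqs) and all(reqs)

def auth_removed(old_spec, new_spec):
    findings = []
    new_paths = new_spec.get("paths", {})
    for path, item in old_spec.get("paths", {}).items():
        for method, old_op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            new_op = new_paths.get(path, {}).get(method)
            if new_op is None:
                continue  # endpoint no longer exists; not this finding
            if requires_auth(old_spec, old_op) and not requires_auth(new_spec, new_op):
                findings.append((method.upper(), path))
    return sorted(findings)

# Constructed sample specs (not from the page).
BEARER = [{"bearerAuth": []}]
OLD_SPEC = {
    "security": BEARER,
    "paths": {
        "/users": {"get": {}},                          # inherits global auth
        "/users/{id}": {"delete": {"security": BEARER}},
        "/health": {"get": {"security": []}},           # public before and after
    },
}
NEW_SPEC = {
    "security": BEARER,
    "paths": {
        "/users": {"get": {"security": []}},            # override disables auth
        "/users/{id}": {"delete": {"security": BEARER + [{}]}},  # auth now optional
        "/health": {"get": {"security": []}},
        "/orders": {"get": {}},                         # new endpoint, still protected
    },
}

if __name__ == "__main__":
    for method, path in auth_removed(OLD_SPEC, NEW_SPEC):
        print(f"authentication removed: {method} {path}")
```

Run against the previous and proposed spec in review or CI, each reported operation is one to confirm as intentional or to restore the `security` requirement on.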

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications