Plaintext bearer token

firetail:plaintext-bearer-token

Type:

Finding

Rule Severity:

Critical

An endpoint is using the Bearer Token security mechanism over HTTP.

This exposes the authentication credentials in plaintext on the network and can lead to attackers finding and using the credentials to make unauthorized API calls.

This rule applies at the API Specification level (OAS/Swagger).

Remediation

Change the transport protocol to HTTPS. This will ensure that all data in the request including authentication credentials are encrypted in transit.

Example Attack Scenario

Risk of Token Theft: If Bearer Tokens are stored or transmitted in plaintext in client-side storage (such as local storage, cookies, or mobile device storage), they are vulnerable to theft by cross-site scripting (XSS) attacks or other client-side vulnerabilities. Attackers can steal these tokens and use them to access protected API resources without authorization.

How to Identify with Example Scenario

How to Resolve with Example Scenario

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications
References:

More findings

All Findings
Missing required headers
Mailgun secrets found in logs
GraphQL injection found in logs
Missing content-type header
AppSync GraphQL API query depth limit high
Plaintext negotiated authentication