Authentication removed

firetail:authenticated-endpoint-removed

Type:

Finding

Rule Severity:

Critical

An endpoint that previously required authentication has been changed to no longer require authentication.

An authenticated endpoint verifies the identity of the requesting entity. Endpoints can be authenticated in various ways including API keys, tokens, Oauth and basic authentication. Endpoints that require authentication will fail with a 401 status code if the user or application is not authenticated.
An unauthenticated endpoint does not require authentication for access. This results in these endpoints being publicly accessible to anyone, with users not needing to provide any form of authentication credentials to use them.

This rule applies at the API Specification level (OAS/Swagger).

Remediation

Ensure that endpoints requiring authentication do not have their authentication removed. Endpoints that have previously required authentication should not become accessible to the public. API endpoints that become public can expose data, sensitive business flows, or other critical information about the application and its users.

Example Attack Scenario

Data Theft: Attackers can exploit the lack of authentication to steal sensitive data from the system. This could include personal information, financial records, or intellectual property, which can be used for identity theft or fraud.

How to Identify with Example Scenario

How to Resolve with Example Scenario

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications
References:

More findings

All Findings
Twilio secrets found in logs
Missing array limit
SQL Injection found in logs
Schema build failure
Paypal secrets found in logs
AWS Load Balancer missing deletion protection