Authentication removed

Updated: June 19, 2025

Description

An endpoint that previously required authentication has been changed to no longer require authentication.

Remediation

Verify that the change was intentional and correct, or add back the authentication requirement to the endpoint.
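
One way to support that verification, as an added example that is not FireTail's detection logic or code from this page: it compares two versions of an OpenAPI 3 description and lists the operations whose effective `security` requirement was dropped. The function names and both sample specs are constructed for illustration.

```python
# Added example: function names and sample specs below are hypothetical.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def requires_auth(spec, operation):
    """True if the operation's effective security requirement forces authentication."""
    # Operation-level `security` overrides the document-level default.
    requirements = operation.get("security", spec.get("security", []))
    # An empty list means no auth; an empty object `{}` in the list makes auth optional.
    return bool(requirements) and all(req for req in requirements)


def operations(spec):
    """Yield ((METHOD, path), operation) for every operation in the spec."""
    for path, item in spec.get("paths", {}).items():
        for method, operation in item.items():
            if method in HTTP_METHODS:
                yield (method.upper(), path), operation


def auth_removed(old_spec, new_spec):
    """Return operations that required authentication before and no longer do."""
    protected = {key for key, op in operations(old_spec) if requires_auth(old_spec, op)}
    return sorted(
        key for key, op in operations(new_spec)
        if key in protected and not requires_auth(new_spec, op)
    )


# Constructed sample specs (not taken from any real API).
OLD_SPEC = {
    "security": [{"bearerAuth": []}],
    "paths": {
        "/invoices": {"get": {}, "post": {}},
        "/health": {"get": {"security": []}},
        "/profile": {"get": {"security": [{"apiKey": []}]}},
    },
}
NEW_SPEC = {
    "security": [{"bearerAuth": []}],
    "paths": {
        "/invoices": {"get": {"security": []}, "post": {}},
        "/health": {"get": {"security": []}},
        "/profile": {"get": {"security": [{"apiKey": []}, {}]}},
    },
}

if __name__ == "__main__":
    print(auth_removed(OLD_SPEC, NEW_SPEC))
```

Each reported operation is a candidate for review: either confirm the endpoint is meant to be public or restore its `security` requirement.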

Security Frameworks

Authentication mechanisms are often implemented incorrectly, allowing attackers to compromise authentication tokens or to exploit implementation flaws to assume other users' identities temporarily or permanently. Compromising a system's ability to identify the client/user compromises API security overall.

Authentication mechanisms are often implemented incorrectly, allowing attackers to compromise authentication tokens or to exploit implementation flaws to assume other users' identities temporarily or permanently. Compromising the system's ability to identify the client or user compromises API security overall.

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
