Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

An administrative endpoint is exposed without authentication, allowing unauthorized users to access sensitive functionality.

Rationale

This finding detects when an endpoint:

Remediation

  • Validate that the code isn’t expecting the user to be authenticated to have access to this resource (AuthN). If this API is, in fact, authenticated, ensure your code is instrumented correctly. Datadog auto-instruments many event types. Review your instrumented business logic events.