Unauthenticated route processes payments

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

Unauthenticated users have access to an API that’s processing payments. Attackers can abuse this endpoint to perform unauthorized actions, carding, or commit fraudulent activities.

Rationale

This finding works by identifying an API that is tracking a payment business logic event (tags containing the payment. prefix) but lacks an authentication mechanism.

Remediation

  • Implement authentication to prevent non-intended users interaction with the API