Admin endpoint without authentication

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Description

An administrative endpoint is exposed without authentication, allowing unauthorized users to access sensitive functionality.

Rationale

This finding detects when an endpoint:

Remediation

  • Validate that the code isn’t expecting the user to be authenticated to have access to this resource (AuthN). If this API is, in fact, authenticated, ensure your code is instrumented correctly. Datadog auto-instruments many event types. Review your instrumented business logic events.