Admin endpoint without authentication

Description

An administrative endpoint is exposed without authentication, allowing unauthorized users to access sensitive functionality.

Rationale

This finding detects when an endpoint:

Remediation

  • Validate that the code isn’t expecting the user to be authenticated to have access to this resource (AuthN). If this API is, in fact, authenticated, ensure your code is instrumented correctly. Datadog auto-instruments many event types. Review your instrumented business logic events.