Broken user authentication happens when the API's authentication mechanism is implemented incorrectly, for example when it does not properly validate access tokens.

API #3: Excessive Data Exposure

Excessive data exposure refers to when an API returns more information than the client actually needs. Typically the API serializes an entire object (every column of a database record, say) and relies on the client application to hide the fields the user should not see. Anyone who calls the API directly, or simply reads the raw response, gets all of it. Attackers can then use this extra information to perform attacks like identity theft, fraud, or blackmail. For example, if a social media site leaks users' birth dates and addresses in their profiles, attackers could use that information to steal people's identities! This vulnerability also includes leaking sensitive data like passwords or credit card numbers through other vulnerabilities (like broken user authentication). The fix is to filter on the server side: return only an explicit allow-list of fields, never the whole object.
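The following is an added example (not code from the original article) showing the leaky pattern next to the server-side allow-list fix, and a small contract check that can be dropped into a test suite to catch regressions. The User record, the field names and the sample data are constructed for illustration.

```python
"""Excessive data exposure: dumping the whole record vs. an explicit allow-list.

Added example, not code from the original article. The User type, the
field names and SAMPLE_USER are constructed for illustration only.
"""
from dataclasses import dataclass, asdict
from typing import Dict, Optional, Set, Tuple


@dataclass
class User:
    # A typical user row: a mix of public, owner-only and never-expose fields.
    id: int
    username: str
    email: str
    birth_date: str
    address: str
    password_hash: str
    credit_card_last4: str


# Constructed sample record (not real data).
SAMPLE_USER = User(
    id=42,
    username="alice",
    email="alice@example.com",
    birth_date="1990-04-01",
    address="1 Main St, Springfield",
    password_hash="$2b$12$examplehashvalue",
    credit_card_last4="4242",
)

# Allow-lists, decided on the server. Anything not listed is never returned,
# so a new sensitive column added to User later is safe by default.
PUBLIC_FIELDS: Tuple[str, ...] = ("id", "username")
OWNER_FIELDS: Tuple[str, ...] = PUBLIC_FIELDS + ("email", "birth_date", "address")


def profile_leaky(user: User) -> Dict[str, object]:
    """VULNERABLE: serializes every field and trusts the client to hide the rest.

    The password hash, card digits and home address all go over the wire to
    whoever called GET /users/<id>, regardless of who they are.
    """
    return asdict(user)


def profile_filtered(user: User, viewer_id: Optional[int]) -> Dict[str, object]:
    """FIXED: pick fields by an explicit allow-list chosen per viewer.

    The owner of the profile sees contact details; anyone else (including an
    unauthenticated caller, viewer_id=None) sees only the public fields.
    """
    allowed = OWNER_FIELDS if viewer_id == user.id else PUBLIC_FIELDS
    data = asdict(user)
    return {name: data[name] for name in allowed}


def leaked_fields(response: Dict[str, object], allowed: Tuple[str, ...]) -> Set[str]:
    """Contract check: every key in the response that is not on the allow-list.

    Run this in tests against each endpoint's widest allow-list; a non-empty
    result means the serializer started exposing something it should not.
    """
    return set(response) - set(allowed)


if __name__ == "__main__":
    print("leaky response:   ", profile_leaky(SAMPLE_USER))
    print("stranger's view:  ", profile_filtered(SAMPLE_USER, viewer_id=7))
    print("owner's view:     ", profile_filtered(SAMPLE_USER, viewer_id=42))
    print("leaked by dumper: ", leaked_fields(profile_leaky(SAMPLE_USER), OWNER_FIELDS))
```

The important design choice is that the filtered serializer starts from an empty response and adds allowed fields, rather than starting from the full record and removing known-sensitive ones: a deny-list silently fails the day someone adds a new sensitive column.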

