So I’m performing a penetration test and I’m 99% sure I found an FP, but want to bounce it off someone else who might be able to reaffirm what I’m seeing. All API endpoints authenticate using Basic Auth. Credentials are not cached from visiting the API directly (no prompt). I don’t see how anyone could exploit this since essentially if you attempt to cross origins, you get an “API key missing” error due to no cookie being used.
GET /v0/somethingcool HTTP/1.1
Authorization: Basic BASICAUTHINFO

HTTP/1.1 202 Accepted
access-control-allow-headers: *, Content-Type, Accept, AUTHORIZATION, Cache-Control
access-control-allow-methods: POST, GET, OPTIONS
access-control-expose-headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma
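As an added example (not code from the post or from the API being tested), a small Python triage helper that models the browser's CORS decision: it parses the response headers shown above and classifies whether a page on another origin could read the response, separating credentials the browser attaches on its own (cookies, cached Basic Auth) from an Authorization header the page sets itself. The origin `https://evil.example` and the "reflected" header set in the test are constructed values.

```python
def parse_headers(raw: str) -> dict:
    """Parse a raw HTTP response (status line plus headers) into a
    dict with lower-cased names; values keep their original text."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


# Response headers exactly as shown in the post. Note what is absent:
# no access-control-allow-origin and no access-control-allow-credentials.
# (The explicit AUTHORIZATION entry matters: in Fetch, "*" in
# allow-headers never covers the Authorization header.)
POST_RESPONSE = parse_headers("""HTTP/1.1 202 Accepted
access-control-allow-headers: *, Content-Type, Accept, AUTHORIZATION, Cache-Control
access-control-allow-methods: POST, GET, OPTIONS
access-control-expose-headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma
""")


def cors_risk(headers: dict, origin: str, ambient_credentials: bool) -> str:
    """Classify a cross-origin read of this response from a page on `origin`.

    ambient_credentials: True when the browser would attach the victim's
    cookies, cached HTTP auth or client cert by itself. An Authorization
    header set by the requesting page's own JavaScript is NOT ambient: it
    carries that page's credentials, not the victim's.
    """
    acao = headers.get("access-control-allow-origin")
    acac = headers.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None or (acao != "*" and acao != origin):
        return "blocked"                  # browser refuses to expose the body
    if acao == "*":
        return "public_read"              # wildcard is never honoured with credentials
    if not acac:
        return "reflected_anonymous"      # origin reflected, but credentials stripped
    if not ambient_credentials:
        return "reflected_explicit_auth"  # reflected, yet only the caller's own token rides along
    return "credentialed_leak"            # the genuinely exploitable CORS misconfiguration


def triage_post_case() -> str:
    # The post: Basic Auth sent as an explicit header, not cached (no prompt), no cookies.
    return cors_risk(POST_RESPONSE, "https://evil.example", ambient_credentials=False)
```

Re-run `cors_risk` with `ambient_credentials=True` to see how the same response would be rated if the server did reflect the origin and the victim's browser had cached the Basic Auth credentials.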