This is part of the security item or pen test result for the EC product.
Agent (client/server) validation is done by checking the aid, tid and groupid generated by the service with the {version}/admin/accounts/validate endpoint.
This endpoint takes the ids as the EC-config header in the request.
When this request went through a proxy, the pen test team was able to fetch the EC-config header, decode it, change the values of the ids, encode the header again and continue the request.
If the ids are changed, the gateway throws an error, so the connection does not happen, but the ask is that the ids should not be fetchable from the EC-config header of the /validate API.
So before embedding info into URLs, sanitize the input.
GE Digital Security Vulnerability Report [3699]
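One way to meet the ask that the ids not be readable from the EC-config header, shown as an added example that is not the EC product's own code: seal the ids with AES-GCM so that an intermediary can neither decode nor alter the value. The `AgentIDs` layout, the function names and the key shared between agent and service are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

type AgentIDs struct{ AID, TID, GroupID string } // ids named in the report; layout assumed

func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16/24/32-byte key shared by agent and service (assumed)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealIDs returns base64url(nonce || ciphertext || tag) for use as the header value.
func SealIDs(aead cipher.AEAD, ids AgentIDs) (string, error) {
	plain, _ := json.Marshal(ids) // cannot fail for a struct of strings
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(aead.Seal(nonce, nonce, plain, nil)), nil
}

// OpenIDs fails for any value that was altered in transit or sealed with another key.
func OpenIDs(aead cipher.AEAD, header string) (ids AgentIDs, err error) {
	raw, err := base64.RawURLEncoding.DecodeString(header)
	n := aead.NonceSize()
	if err != nil || len(raw) < n {
		return ids, fmt.Errorf("malformed EC-config value")
	}
	plain, err := aead.Open(nil, raw[:n], raw[n:], nil)
	if err == nil {
		err = json.Unmarshal(plain, &ids)
	}
	return ids, err
}

func main() {
	aead, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key, not for real use
	h, _ := SealIDs(aead, AgentIDs{"aid-1", "tid-1", "grp-1"}) // constructed ids
	fmt.Println(h)
}
```

With this scheme the validate endpoint rejects a modified header at `OpenIDs`, before the ids reach the gateway check.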