devopsenggineer / Sanity

0 stars 0 forks source link

t : V2AuthAwsRoleRoleGetAuthInvalidEmpty #50

Open devopsenggineer opened 5 years ago

devopsenggineer commented 5 years ago

Project : t

Job : Default

Env : Default

Category : InvalidAuthEmpty

Tags : [OWASP A2, OWASP A5, OWASP A6, OWASP A7, [PCI DSS 3.0] 6.5.8, [PCI DSS 3.0] 6.5.10, OTG-AUTHN-004, FX Top 10 - API Vulnerability, Non-Intrusive]

Severity : Major

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 400

Headers : {Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 05:33:02 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}

Endpoint : http://52.53.242.1/vault/v2/auth/aws/role/pjaIYcff

Request :

Response :
{ "errors" : [ "Missing request header 'vault-token' for method parameter of type String" ] }

Logs :
2019-02-23 05:33:02 DEBUG [V2AuthAwsRoleRoleGetAuthInvalidEmpty] : URL [http://52.53.242.1/vault/v2/auth/aws/role/pjaIYcff] 2019-02-23 05:33:02 DEBUG [V2AuthAwsRoleRoleGetAuthInvalidEmpty] : Method [GET] 2019-02-23 05:33:02 DEBUG [V2AuthAwsRoleRoleGetAuthInvalidEmpty] : Request [] 2019-02-23 05:33:02 DEBUG [V2AuthAwsRoleRoleGetAuthInvalidEmpty] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-02-23 05:33:02 DEBUG [V2AuthAwsRoleRoleGetAuthInvalidEmpty] : Response [{ "errors" : [ "Missing request header 'vault-token' for method parameter of type String" ] }] 2019-02-23 05:33:02 DEBUG [V2AuthAwsRoleRoleGetAuthInvalidEmpty] : Response-Headers [{Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 05:33:02 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}] 2019-02-23 05:33:02 DEBUG [V2AuthAwsRoleRoleGetAuthInvalidEmpty] : StatusCode [400] 2019-02-23 05:33:02 DEBUG [V2AuthAwsRoleRoleGetAuthInvalidEmpty] : Time [42] 2019-02-23 05:33:02 DEBUG [V2AuthAwsRoleRoleGetAuthInvalidEmpty] : Size [87] 2019-02-23 05:33:02 ERROR [V2AuthAwsRoleRoleGetAuthInvalidEmpty] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]

--- FX Bot ---

devopsenggineer commented 5 years ago

Project : t

Job : Default

Env : Default

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 400

Headers : {Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 11:25:52 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}

Endpoint : http://52.53.242.1/vault/v2/auth/aws/role/AnHYGfU5

Request :

Response :
{ "errors" : [ "Missing request header 'vault-token' for method parameter of type String" ] }

Logs :
Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed] --- FX Bot ---