Vulnerability [InvalidAuth] : GET:/api/v1/projects/search

[jaleelsyed]

Project : Vul

Template : ApiV1ProjectsSearchGetAuthInvalid

Run Id : 8a80cb8169b9892c0169b98a91240000

Job : Default

Env : Default

Category : InvalidAuth

Tags : [OWASP A2, OWASP A5, OWASP A6, OWASP A7, [PCI DSS 3.0] 6.5.8, [PCI DSS 3.0] 6.5.10, OTG-AUTHN-004, FX Top 10 - API Vulnerability, Non-Intrusive]

Severity : Major

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 401

Headers : {WWW-Authenticate=[Basic realm="Realm", Basic realm="Realm"], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Length=[0], Date=[Tue, 26 Mar 2019 10:27:56 GMT]}

Endpoint : http://localhost:8080/api/v1/projects/search

Request :

Response :

Logs :
2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : URL [http://localhost:8080/api/v1/projects/search] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Method [GET] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Request [] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic aW52YWxpZHVzZXJAZnhsYWJzLmlvOlRoaXNJc0ludmFsaWRQYXNzd29yZA==]}] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Response [] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Response-Headers [{WWW-Authenticate=[Basic realm="Realm", Basic realm="Realm"], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Length=[0], Date=[Tue, 26 Mar 2019 10:27:56 GMT]}] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : StatusCode [401] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Time [4414] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Size [0] 2019-03-26 10:27:59 ERROR [ApiV1ProjectsSearchGetAuthInvalid] : Assertion [@StatusCode == 401 AND @StatusCode == 403] resolved-to [401 == 401 AND 401 == 403] result [Failed]

--- FX Bot ---

[jaleelsyed]

Message : This issue is manually closed from FX control plane.

Project : Vul

Template : ApiV1ProjectsSearchGetAuthInvalid

Run Id : 8a80cb8169b9892c0169b98a91240000

Job : Default

Env : Default

Category : InvalidAuth

Tags : null

Severity : Major

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 401

Headers : {WWW-Authenticate=[Basic realm="Realm", Basic realm="Realm"], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Length=[0], Date=[Tue, 26 Mar 2019 10:27:56 GMT]}

Endpoint : http://localhost:8080/api/v1/projects/search

Request :

Response :

Logs :
2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : URL [http://localhost:8080/api/v1/projects/search] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Method [GET] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Request [] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic aW52YWxpZHVzZXJAZnhsYWJzLmlvOlRoaXNJc0ludmFsaWRQYXNzd29yZA==]}] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Response [] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Response-Headers [{WWW-Authenticate=[Basic realm="Realm", Basic realm="Realm"], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Length=[0], Date=[Tue, 26 Mar 2019 10:27:56 GMT]}] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : StatusCode [401] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Time [4414] 2019-03-26 10:27:59 DEBUG [ApiV1ProjectsSearchGetAuthInvalid] : Size [0] 2019-03-26 10:27:59 ERROR [ApiV1ProjectsSearchGetAuthInvalid] : Assertion [@StatusCode == 401 AND @StatusCode == 403] resolved-to [401 == 401 AND 401 == 403] result [Failed]

--- FX Bot ---