Y
Hacker News
new
|
ask
|
show
|
jobs
by
loa_in_
2015 days ago
A good example of how security by obscurity can fail. Just because there's no url to an endpoint exposed doesn't mean it shouldn't be hardened
1 comments
judge2020
2015 days ago
I think they assumed it was already hardened by requiring authentication, but didn't do any testing (or were unaware of this endpoint being a thing in the software they use).
link