Y
Hacker News
new
|
ask
|
show
|
jobs
by
judge2020
2014 days ago
I think they assumed it was already hardened by requiring authentication, but didn't do any testing (or were unaware of this endpoint being a thing in the software they use).