
API Vulnerabilities

✅ = automated scan available

| Name | OWASP | Severity | Automated Scan |
| --- | --- | --- | --- |
| Broken Object Level Authorization (BOLA) | API1:2023 Broken Object Level Authorization | Medium | |
| Private Field Access | API1:2023 Broken Object Level Authorization | Medium | |
| Mass Assignment | API1:2023 Broken Object Level Authorization | Medium | |
| Authentication Bypass | API2:2023 Broken Authentication | High | |
| JWT none algorithm | API2:2023 Broken Authentication | High | |
| JWT blank secret | API2:2023 Broken Authentication | High | |
| JWT weak secret | API2:2023 Broken Authentication | High | |
| JWT Audience cross service relay attack | API2:2023 Broken Authentication | High | |
| JWT Null Signature | API2:2023 Broken Authentication | High | |
| JWT KID Header Injection | API2:2023 Broken Authentication | High | |
| JWT Algorithm Confusion | API2:2023 Broken Authentication | High | |
| JWT Signature not verified | API2:2023 Broken Authentication | High | |
| JWT Expired | API2:2023 Broken Authentication | High | |
| Discoverable OpenAPI | API7:2023 Server Side Request Forgery | Info | |
| Discoverable GraphQL Endpoint | API7:2023 Server Side Request Forgery | Info | |
| GraphQL Introspection Enabled | API8:2023 Security Misconfiguration | Info | |
| Secrets Leak | API8:2023 Security Misconfiguration | High | |
| Directory Listing | API8:2023 Security Misconfiguration | Medium | |
| Private IP Disclosure | API8:2023 Security Misconfiguration | Low | |
| HTTP Cookies Misconfiguration | API8:2023 Security Misconfiguration | Info | |
| No CORS Headers | API8:2023 Security Misconfiguration | Info | |
| Permissive CORS Headers | API8:2023 Security Misconfiguration | Info | |
| HTTP Method Override Enabled | API8:2023 Security Misconfiguration | Info - High | |
| X-Content-Type-Options Header Not Set | API8:2023 Security Misconfiguration | Info | |
| X-Frame-Options Header Not Set | API8:2023 Security Misconfiguration | Info | |
| CSP Header Not Set | API8:2023 Security Misconfiguration | Info | |
| CSP Frame Ancestors Not Set | API8:2023 Security Misconfiguration | Info | |
| HSTS Header Not Set | API8:2023 Security Misconfiguration | Info | |
| HTTP TRACE/TRACK Methods Enabled | API8:2023 Security Misconfiguration | Info | |
| Server Signature Leak | API8:2023 Security Misconfiguration | Info | |
| SSL Certificate Not Trusted | API8:2023 Security Misconfiguration | Medium | |
| SSL Not Enforced | API8:2023 Security Misconfiguration | Medium | |
| Directory Traversal | API10:2023 Unsafe Consumption of APIs | High | |