Exposed API Endpoints Leading to Disclosure of User Information

Disclosed by thrill_comrade12-
Summary by thrill_comrade12-

Overview:
During a security assessment, a publicly exposed API endpoint (https://rmakp.nasa.gov/rest/api/content/16121857) was identified that returned user information, including usernames, user keys, and display names, to unauthenticated requests. The endpoint also lacked rate limiting, so an attacker could request content IDs in bulk and harvest user data without being throttled.

Business Impact:
This vulnerability exposes user information that attackers can use for social engineering, brute-force attacks against the disclosed usernames, and credential stuffing. The absence of rate limiting makes large-scale harvesting practical, which can lead to compliance issues, reputational damage, and a loss of customer trust.
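The enumeration described in the Overview, as an added example that is not part of the original report: a Python audit helper that walks a content response for user-identifying fields, then simulates bulk requests against an unthrottled server (the reported behaviour) and a throttled one (the expected fix), stopping at the first 429. The JSON shape and field spellings (username, userKey, displayName) are assumed from the Confluence REST API, whose content path this endpoint matches; the sample response, content IDs, and user names are constructed for this example.

```python
import json
from collections.abc import Callable, Iterable
from typing import Any, Optional

# JSON keys that identify a person. "username", "userKey" and "displayName"
# are the Confluence REST spellings of the fields the report names
# (assumption: the report does not show the raw response body).
USER_FIELDS = {"username", "userKey", "displayName", "accountId", "email"}


def find_user_data(node: Any, path: str = "$") -> list[tuple[str, str, str]]:
    """Walk a decoded JSON document and return (json_path, field, value) for
    every user-identifying string field, wherever it is nested."""
    hits: list[tuple[str, str, str]] = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in USER_FIELDS and isinstance(value, str):
                hits.append((child, key, value))
            else:
                hits.extend(find_user_data(value, child))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits.extend(find_user_data(value, f"{path}[{index}]"))
    return hits


# Constructed sample in the shape of a Confluence /rest/api/content/{id}
# response; the IDs, keys and names are made up for this example.
SAMPLE_CONTENT = {
    "id": "16121857",
    "type": "page",
    "title": "Example page",
    "history": {
        "createdBy": {"type": "known", "username": "jdoe",
                      "userKey": "8a7f80b24a3d1c2e014a3d1c6e5f0001",
                      "displayName": "Jane Doe"},
        "createdDate": "2020-01-01T00:00:00.000Z",
    },
    "version": {
        "by": {"type": "known", "username": "rroe",
               "userKey": "8a7f80b24a3d1c2e014a3d1c6e5f0002",
               "displayName": "Richard Roe"},
        "number": 3,
    },
    "_links": {"self": "https://example.invalid/rest/api/content/16121857"},
}


def enumerate_users(fetch: Callable[[int], tuple[int, str]],
                    content_ids: Iterable[int]) -> dict[str, Any]:
    """Request each content ID through `fetch`, which returns (status, body)
    like an HTTP client would. Collect distinct usernames and stop at the
    first 429, which is how a working rate limit shows up to a scanner."""
    users: set[str] = set()
    requested = 0
    throttled_after: Optional[int] = None
    for cid in content_ids:
        status, body = fetch(cid)
        requested += 1
        if status == 429:
            throttled_after = requested
            break
        if status == 200:
            users.update(value for _path, field, value
                         in find_user_data(json.loads(body))
                         if field == "username")
    return {"requested": requested, "users": sorted(users),
            "rate_limited": throttled_after is not None,
            "throttled_after": throttled_after}


def unthrottled_server(cid: int) -> tuple[int, str]:
    """Simulates the reported behaviour: every ID is answered, with a
    different page author per ID, and nothing is ever throttled."""
    doc = json.loads(json.dumps(SAMPLE_CONTENT))  # deep copy
    doc["id"] = str(cid)
    doc["history"]["createdBy"]["username"] = f"author{cid}"
    return 200, json.dumps(doc)


def make_throttled_server(limit: int) -> Callable[[int], tuple[int, str]]:
    """Simulates the fix: after `limit` requests the server answers 429."""
    count = 0

    def fetch(cid: int) -> tuple[int, str]:
        nonlocal count
        count += 1
        if count > limit:
            return 429, ""
        return unthrottled_server(cid)

    return fetch


if __name__ == "__main__":
    for path, field, value in find_user_data(SAMPLE_CONTENT):
        print(f"{path}: {field}={value}")
    print(enumerate_users(unthrottled_server, range(100, 110)))
    print(enumerate_users(make_throttled_server(3), range(100, 110)))
```

Pointing `enumerate_users` at a real HTTP client (a function that does a GET and returns the status and body) turns this into the check a tester would run: a result with `rate_limited` false across a few hundred IDs and a growing `users` list reproduces the finding, while an early 429 shows that throttling is in place.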
