Source: dzone.com
API Security Weekly: Issue #96Category: Database, Security, Data
by Cisco has released a set of patches for their Data Center Network Manager (DCNM), a platform for managing Cisco data centers.
An attacker could exploit this vulnerability by using the static key to craft a valid session token.
Embarrassingly enough, in the beginning of this year Cisco already patched one issue that involved static API key in DCNM.
Matt Keil, Director of Product Marketing at Cequence Security, sheds light on the API-side of this latter leak: “Data Viper, a purported security company, lost its database as a result of poor API secure coding practices – the developer left their credentials exposed in an API usage document.
An attacker could exploit this vulnerability by using the static key to craft a valid session token.
Embarrassingly enough, in the beginning of this year Cisco already patched one issue that involved static API key in DCNM.
Matt Keil, Director of Product Marketing at Cequence Security, sheds light on the API-side of this latter leak: “Data Viper, a purported security company, lost its database as a result of poor API secure coding practices – the developer left their credentials exposed in an API usage document.
Related Articles
Community Partners
DevOps Careers