Techly NewsGet the app

Get the latest tech news

I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty


I was poking at a fintech’s mobile API and noticed something that made no sense. GET /v1/accounts returned 401. GET /v1/accounts/ returned...

None

Get the Android app

Or read this on Hacker News

Read more on:

Photo of AWS API Gateway

AWS API Gateway

Photo of AWS API Gateway auth

AWS API Gateway auth

Photo of trailing slash

trailing slash

« Forza Horizon 6 players are being tormented by 'drivatar' bowieknife99, but the real racer behind the bot remains a mystery
Phantasy Star IV – 1993 Developer Interviews »