Authentication

API key is not restricted to trusted hosts or apps

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

API keys are used for authentication. They are simple encrypted strings that identify an application without any principal. The API key allows access to any host (0.0.0.0, 0.0.0.0/0, or ::0). To reduce attack vectors, API keys can be restricted to trusted hosts only.

Recommended Mitigation

It is recommended to add application restrictions to API keys in order to reduce the security risks involved in using API keys.
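
One way to check an exported key inventory for the condition described above. This is an added example, not part of the original page or any vendor's tooling; the record schema (`name`, `allowed_hosts`) and the sample keys are constructed for illustration.

```python
import ipaddress


def is_any_host(entry: str) -> bool:
    """True if an allow-list entry matches every address.

    Covers the values named in the finding (0.0.0.0, 0.0.0.0/0, ::0)
    and their equivalents such as ::/0.
    """
    try:
        net = ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return False  # not an IP or CIDR value, so not an any-host entry
    if net.prefixlen == 0:
        return True  # zero-length prefix spans the whole address space
    # A bare unspecified address (0.0.0.0 or ::) is treated as "any host".
    return net.num_addresses == 1 and net.network_address.is_unspecified


def audit_keys(keys):
    """Return {key name: reason} for keys not restricted to trusted hosts."""
    findings = {}
    for key in keys:
        allowed = key.get("allowed_hosts") or []
        if not allowed:
            findings[key["name"]] = "no host restriction configured"
            continue
        wide = [h for h in allowed if is_any_host(h)]
        if wide:
            findings[key["name"]] = "allows any host: " + ", ".join(wide)
    return findings


# Constructed sample inventory; the schema is hypothetical.
SAMPLE_KEYS = [
    {"name": "billing-backend",
     "allowed_hosts": ["203.0.113.10", "198.51.100.0/24"]},
    {"name": "legacy-batch", "allowed_hosts": ["0.0.0.0/0"]},
    {"name": "ipv6-worker", "allowed_hosts": ["2001:db8::/32", "::0"]},
    {"name": "unscoped", "allowed_hosts": []},
]

if __name__ == "__main__":
    for name, reason in audit_keys(SAMPLE_KEYS).items():
        print(f"{name}: {reason}")
```

Keys with an empty allow-list are reported alongside explicit any-host entries, since both leave the key usable from untrusted hosts.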