Why can t I obtain a user token from a compromised API

0 votes
During a penetration testing exercise, I was able to access a vulnerable API endpoint, but I can’t seem to retrieve any user tokens. I expected that, after compromising the API, I would be able to extract sensitive data, including tokens.

Could there be additional security mechanisms in place preventing token retrieval, or am I missing something in my approach? What might be the reasons for this difficulty, and are there specific techniques for handling this situation when conducting a security assessment?
Oct 25 in Cyber Security & Ethical Hacking by Anupam
• 3,890 points
60 views

No answer to this question. Be the first to respond.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.

Related Questions In Cyber Security & Ethical Hacking

0 votes
0 answers

Why can't I obtain user token from a compromised API?

Why can't I obtain user token from ...READ MORE

Oct 14 in Cyber Security & Ethical Hacking by Anupam
• 3,890 points
151 views
0 votes
1 answer

Can I determine the current IP from a known MAC Address?

ARP may be used to retrieve an ...READ MORE

answered Feb 20, 2022 in Cyber Security & Ethical Hacking by Edureka
• 12,690 points
623 views
0 votes
0 answers

How do I find and exploit an insecure API endpoint in a mobile app?

How do I find and exploit an ...READ MORE

Oct 14 in Cyber Security & Ethical Hacking by Anupam
• 3,890 points
59 views
0 votes
0 answers
0 votes
0 answers
0 votes
1 answer
+1 vote
1 answer

How do you decrypt a ROT13 encryption on the terminal itself?

Yes, it's possible to decrypt a ROT13 ...READ MORE

answered Oct 17 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 3,320 points
97 views
+1 vote
1 answer
+1 vote
1 answer
+1 vote
1 answer
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP