Tagged articles
2 articles
Black & White Path
Jun 8, 2026 · Information Security

How a Single Authorization Header Bypassed Authentication and Earned a $3,000 Bounty

Security researcher ALR discovered that a web application only checks for the presence of the Authorization header, allowing any request with "Authorization: Basic"—even without credentials—to access around 50 API endpoints, leading to a critical authentication bypass and a $3,000 bounty.

Authentication Bypass · Authorization Header · Bug Bounty
JavaEdge
Aug 20, 2023 · Information Security

Cookie vs Authorization Header: Which Token Storage Method Is Safer?

This article compares storing authentication tokens in cookies versus the Authorization header, outlining each method's implementation, advantages, drawbacks, security implications such as XSS and CSRF risks, cross‑domain considerations, and compliance with authentication standards.

Authorization Header · Token Storage · Web Security