Is using a visible basic auth header token considered hacking? – Digitalmunition




Home Forums Is using a visible basic auth header token considered hacking?

This topic contains 1 reply, has 2 voices, and was last updated by  rossja 1 month, 2 weeks ago.

  • Author
    Posts
  • #354946

    anonymous
    Participant

    There is a govt contracted website providing public data that uses an API run by a contracted company and the requests are secured by a visible header token you can see by looking at the request in browser dev tools.

    This API is promised by the state dept of revenue, but there’s no way to “sign up” for it.

    Would consuming this API for another service by using the visible header token be considered “hacking” in a general legal sense in the US?

  • #354947

    rossja

    Almost certainly, yes. They could argue that some one violated the CFAA by gaining access to content they were not explicitly given permission for, and they could argue that the DMCA was violated because basic auth uses encoding, which could be argued is a protection mechanism technically.

You must be logged in to reply to this topic.