Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499c19afec7c862252acd4627b30081405cac99c68
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/auth/login/{clientSessionId}
GET /api/v1/auth/logout/{clientSessionId}
GET /api/v1/auth/token/{clientSessionId}
GET /api/v1/element/current-dbd-key/{clientSessionId}
GET /api/v1/session/home-url/{clientSessionId}
GET /api/v1/settings/all/{partnerId}
GET /api/v1/settings/price-range/{clientSessionId}
GET /api/v1/settings/region/{clientSessionId}
GET /api/v1/settings/site-equipment/{clientSessionId}
GET /api/v1/settings/version
POST /api/v1/ai/set-interactive-data
POST /api/v1/dbdkey/calculation-data
POST /api/v1/dbdkey/check
POST /api/v1/dbdkey/description
POST /api/v1/dbdkey/features
POST /api/v1/dbdkey/features-set
POST /api/v1/dbdkey/refresh
POST /api/v1/dbdkey/taxonomies
POST /api/v1/element/set-dbd-key
POST /api/v1/session/begin-session
POST /api/v1/session/end-session/{clientSessionId}
POST /api/v1/settings/price-range/{clientSessionId}/{priceRange}
POST /api/v1/settings/site-equipment/{clientSessionId}/{siteEquipment}