I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty
Summary
A security researcher discloses a vulnerability in AWS API Gateway HTTP API in which a request path with a trailing slash bypasses authentication and exposes account data. The issue stems from greedy path matching combined with a mismatch between the authorizer and the integration, which allows unauthorized access. Remediation includes using REST API, which matches paths more strictly, and validating the user's identity inside the Lambda functions themselves rather than relying on the gateway's route matching.
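The second remediation, validating identity in the Lambda itself, is worth seeing in code. The example below is added here and is not code from the original write-up or from AWS. It assumes an HTTP API Lambda integration receiving payload format 2.0 events (`event["rawPath"]`, `event["requestContext"]["authorizer"]`), a constructed route scheme of `/accounts/{accountId}/...`, and a constructed JWT claim named `account_id` that names the caller's own account. The handler normalizes the path so `/accounts/123/` and `/accounts/123` resolve to the same resource, refuses any request that arrives without authorizer context (the situation a route-matching mismatch produces), and refuses requests whose path names an account other than the caller's.

```python
"""Defensive identity check inside an API Gateway HTTP API Lambda integration.

Added example, not the original author's code. Assumptions (constructed):
- payload format 2.0 events: event["rawPath"], event["requestContext"]["authorizer"]
- routes of the form /accounts/{accountId}/...
- a JWT authorizer claim "account_id" identifying the caller's account
"""
import re
from typing import Optional

# Route pattern for the constructed /accounts/{accountId}/... scheme
ACCOUNT_ROUTE = re.compile(r"^/accounts/([A-Za-z0-9-]+)(?:/.*)?$")


def normalize_path(raw_path: str) -> str:
    """Collapse repeated slashes and drop trailing slashes so that
    /accounts/123/ and /accounts/123 are treated as the same resource."""
    collapsed = re.sub(r"/+", "/", raw_path)
    if len(collapsed) > 1 and collapsed.endswith("/"):
        collapsed = collapsed.rstrip("/")
    return collapsed or "/"


def caller_account(event: dict) -> Optional[str]:
    """Return the account the authorizer bound to this caller, or None when
    no authorizer context reached the integration at all."""
    auth = event.get("requestContext", {}).get("authorizer") or {}
    # JWT authorizers place claims under "jwt"; Lambda authorizers under "lambda"
    claims = auth.get("jwt", {}).get("claims") or auth.get("lambda") or {}
    return claims.get("account_id")


def authorize_request(event: dict) -> dict:
    """Decide whether the request may proceed, independently of the gateway's
    route matching. Returns a dict with 'allowed', 'reason' and the normalized path."""
    path = normalize_path(event.get("rawPath", "/"))
    match = ACCOUNT_ROUTE.match(path)
    if not match:
        return {"allowed": False, "reason": "unknown route", "path": path}
    requested = match.group(1)
    caller = caller_account(event)
    if caller is None:
        # The request reached the integration without passing an authorizer.
        return {"allowed": False, "reason": "no authorizer context", "path": path}
    if caller != requested:
        return {"allowed": False, "reason": "account mismatch", "path": path}
    return {"allowed": True, "reason": "ok", "path": path, "account": requested}


def handler(event: dict, context=None) -> dict:
    """Lambda entry point: deny unless the in-function check passes."""
    decision = authorize_request(event)
    if not decision["allowed"]:
        return {"statusCode": 403, "body": decision["reason"]}
    return {"statusCode": 200, "body": f"data for account {decision['account']}"}


def sample_event(raw_path: str, account_claim: Optional[str] = None) -> dict:
    """Build a constructed payload-2.0-style event for local runs."""
    event = {"rawPath": raw_path, "requestContext": {"authorizer": {}}}
    if account_claim is not None:
        event["requestContext"]["authorizer"] = {
            "jwt": {"claims": {"account_id": account_claim}}
        }
    return event


if __name__ == "__main__":
    # Trailing slash, no authorizer context: denied even though the route matched
    print(authorize_request(sample_event("/accounts/123/")))
    # Trailing slash, caller owns the account: allowed after normalization
    print(authorize_request(sample_event("/accounts/123/", "123")))
    # Caller asks for someone else's account: denied
    print(authorize_request(sample_event("/accounts/123", "999")))
```

The point of the check is that the integration never trusts that an authorizer ran just because a route was matched: absence of authorizer context is itself a deny, and the identity the authorizer supplied is compared against the resource the path names after normalization.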