Misconfigured Reverse Proxy Servers Spill Credentials

Researchers created a proof-of-concept attack that allows remote attackers to access protected APIs to extract credentials.