Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The guide instructs users to open the web UI with the gateway token embedded in the URL query string. Query-string secrets are commonly exposed through browser history, screenshots, screen sharing, copy/paste, crash reports, referer leakage, and terminal or proxy logs, which can grant unauthorized access to the gateway if the token is reused.
