WB-S-3 — Attacker guesses or brute-forces admin bearer token
Component: Wallet Backend.
Mitigations: 256-bit random token; constant-time comparison.
Action: Enforce an explicitly configured token (environment variable or file) in production; do not rely on the auto-generated token.

| Property | Value |
|---|---|
| Section | Spoofing |
| Owner | operator |

Mapped Controls

| Control | Title |
|---|---|
| SID-AUTH-01 | FIDO2/WebAuthn Passwordless Authentication |
| SID-HARD-03 | Network Segmentation (Separate Server Ports) |

Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md
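The two listed mitigations and the required action, shown together as an added example (this is illustrative code, not the Wallet Backend's own implementation). The variable names `ADMIN_TOKEN` and `ADMIN_TOKEN_FILE`, the 64-hex-character minimum, and the "production" flag are assumptions made here; the entry only states that the token is 256-bit random, compared in constant time, and must be supplied explicitly in production.

```python
"""Admin bearer-token handling for threat WB-S-3 (added example, not project code).

Covers the three points of the entry:
  * 256-bit random token when one has to be generated (non-production only),
  * explicit token required in production (env var or file), never auto-generated,
  * constant-time comparison of the presented token.
Names ADMIN_TOKEN / ADMIN_TOKEN_FILE are assumed for this example.
"""
import hashlib
import hmac
import secrets
from pathlib import Path
from typing import Mapping, Optional

TOKEN_BYTES = 32                 # 256 bits of randomness
MIN_TOKEN_HEX_CHARS = 2 * TOKEN_BYTES


def generate_token() -> str:
    """Fresh 256-bit token from the OS CSPRNG, hex-encoded (64 chars)."""
    return secrets.token_hex(TOKEN_BYTES)


def load_admin_token(env: Mapping[str, str], production: bool) -> str:
    """Resolve the admin token from configuration.

    Order: ADMIN_TOKEN env var, then the file named by ADMIN_TOKEN_FILE.
    In production a missing token is a hard failure (the action for WB-S-3);
    outside production a random token is generated for convenience.
    """
    token: Optional[str] = env.get("ADMIN_TOKEN")
    token_file = env.get("ADMIN_TOKEN_FILE")
    if not token and token_file:
        token = Path(token_file).read_text(encoding="utf-8").strip()

    if token:
        # Reject operator-chosen short tokens: a weak value is exactly what
        # makes guessing feasible.
        if len(token) < MIN_TOKEN_HEX_CHARS:
            raise ValueError(
                f"admin token must be at least {MIN_TOKEN_HEX_CHARS} characters "
                "(256 bits hex-encoded)"
            )
        return token

    if production:
        raise RuntimeError(
            "production deployments must set ADMIN_TOKEN or ADMIN_TOKEN_FILE; "
            "auto-generated tokens are not allowed"
        )
    return generate_token()


def parse_bearer(authorization: Optional[str]) -> Optional[str]:
    """Extract the credential from an 'Authorization: Bearer <token>' header."""
    if not authorization:
        return None
    scheme, _, credential = authorization.strip().partition(" ")
    if scheme.lower() != "bearer" or not credential.strip():
        return None
    return credential.strip()


def is_authorized(authorization: Optional[str], expected_token: str) -> bool:
    """Constant-time check of the presented bearer token.

    Both values are hashed first so the comparison always runs over equal-length
    inputs; hmac.compare_digest then does not short-circuit on the first
    differing byte, which is the mitigation WB-S-3 calls for.
    """
    presented = parse_bearer(authorization)
    if presented is None:
        return False
    return hmac.compare_digest(
        hashlib.sha256(presented.encode("utf-8")).digest(),
        hashlib.sha256(expected_token.encode("utf-8")).digest(),
    )


if __name__ == "__main__":
    # Constructed configuration for a local demonstration.
    cfg = {"ADMIN_TOKEN": "f" * 64}
    token = load_admin_token(cfg, production=True)
    print("valid header accepted:", is_authorized("Bearer " + token, token))
    print("wrong token rejected:", not is_authorized("Bearer " + "0" * 64, token))
```

Note that rejecting the auto-generated path in production is what turns the mitigation into a deployment check: the service refuses to start rather than silently running with a token the operator never recorded.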