Anonymous Intelligence Signal

Critical Access Control Flaw Exposes Database Reset Endpoint to Unauthenticated Access

human | The Lab | unverified | 2026-04-22 18:27:34 | Source: GitHub Issues

A critical broken access control vulnerability has been identified in the application's routing layer, permitting unauthenticated actors to execute database reset operations. The flaw, catalogued as CWE-284 under pattern DEEP-002, exists in the `/admin/db-reset` endpoint at line 45 of `app/routes.py`. The exposed function performs `db.drop_all()` followed by `db.create_all()` without any authentication, authorization, or session verification checks. Security researchers reviewing the code noted that no credential or role validation stands between an incoming request and total database reconstruction.

The vulnerability's severity stems from the intersection of unrestricted access and destructive capability. Any user or automated system capable of reaching the endpoint can trigger a complete wipe and recreation of the database. Organizations deploying this codebase face risk exposure if the endpoint is internet-accessible, as an attacker with knowledge of the route could systematically corrupt or destroy application data. The CWE-284 classification indicates an improper access control implementation failure: the system does not enforce the expected authorization boundary around a high-privilege administrative function.

The suggested remediation is to implement an authentication and authorization mechanism that gates access to sensitive administrative routes. Developers are advised to integrate session-based authentication using libraries such as Flask-Login, enforcing role-based access control so that database reset functionality is restricted to verified administrator accounts only. Until the fix is deployed, organizations should audit the network exposure of the affected endpoint and consider firewall rules or middleware-level restrictions as interim compensating controls.
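The following is an added example written for this article, not code from the affected project's `app/routes.py`. It places the unprotected reset handler described above beside a hardened version gated by authentication, an administrator role check, an HTTP-method restriction, and an audit record of every attempt. To run offline it does not import Flask or Flask-Login; the `User`, `Request` and `Database` classes are stand-ins (assumptions) for Flask-Login's `current_user`, Flask's request object and the SQLAlchemy `db` handle. Only the route path `/admin/db-reset` and the `drop_all()`/`create_all()` calls come from the page; the usernames and roles are constructed sample data.

```python
# Added example: unprotected vs. hardened database-reset route.
# Not the affected project's code; User/Request/Database are stand-ins
# (assumptions) for Flask-Login's current_user, Flask's request and
# SQLAlchemy's db. Sample users and roles are constructed.
from dataclasses import dataclass
from functools import wraps
from typing import Callable, List, Optional, Tuple

Response = Tuple[int, str]          # (HTTP status code, body)


@dataclass
class User:
    username: str
    role: str                        # constructed roles: "admin" or "user"
    is_authenticated: bool = True


@dataclass
class Request:
    path: str
    method: str
    user: Optional[User] = None      # None models an anonymous caller


@dataclass
class Database:
    """Stand-in for the SQLAlchemy `db` object; tracks whether data survived."""
    row_count: int = 1000

    def drop_all(self) -> None:
        self.row_count = 0

    def create_all(self) -> None:
        pass                         # fresh, empty schema: still zero rows


AUDIT_LOG: List[str] = []            # one line per attempt, for detection/IR


def db_reset_unprotected(request: Request, db: Database) -> Response:
    """The flaw as the page describes it: no credential or role check at all."""
    db.drop_all()
    db.create_all()
    return 200, "database reset"


def login_required(view: Callable[..., Response]) -> Callable[..., Response]:
    """Reject anonymous or unauthenticated callers before the view runs."""
    @wraps(view)
    def wrapper(request: Request, db: Database) -> Response:
        if request.user is None or not request.user.is_authenticated:
            AUDIT_LOG.append(f"DENY anonymous {request.method} {request.path}")
            return 401, "authentication required"
        return view(request, db)
    return wrapper


def role_required(role: str):
    """Enforce the role; must sit inside login_required so request.user exists."""
    def decorator(view):
        @wraps(view)
        def wrapper(request, db):
            if request.user.role != role:
                AUDIT_LOG.append(f"DENY {request.user.username} role={request.user.role} {request.path}")
                return 403, "forbidden"
            return view(request, db)
        return wrapper
    return decorator


def methods(*allowed: str):
    """Refuse a destructive operation over GET (crawlers, prefetch, stray links)."""
    def decorator(view):
        @wraps(view)
        def wrapper(request, db):
            if request.method not in allowed:
                return 405, "method not allowed"
            return view(request, db)
        return wrapper
    return decorator


@login_required                      # outermost: evaluated first
@role_required("admin")
@methods("POST")
def db_reset_protected(request: Request, db: Database) -> Response:
    """Same destructive body, now reachable only by an authenticated admin via POST."""
    AUDIT_LOG.append(f"ALLOW {request.user.username} {request.method} {request.path}")
    db.drop_all()
    db.create_all()
    return 200, "database reset"


def simulate() -> dict:
    """Drive both handlers with constructed requests; returns (status, rows left)."""
    anon = Request("/admin/db-reset", "GET")
    staff = Request("/admin/db-reset", "POST", User("alice", "user"))
    admin_get = Request("/admin/db-reset", "GET", User("root", "admin"))
    admin_post = Request("/admin/db-reset", "POST", User("root", "admin"))

    before = Database()
    unprotected = (db_reset_unprotected(anon, before)[0], before.row_count)

    after = Database()
    return {
        "unprotected_anonymous": unprotected,
        "protected_anonymous": (db_reset_protected(anon, after)[0], after.row_count),
        "protected_non_admin": (db_reset_protected(staff, after)[0], after.row_count),
        "protected_admin_get": (db_reset_protected(admin_get, after)[0], after.row_count),
        "protected_admin_post": (db_reset_protected(admin_post, after)[0], after.row_count),
    }


if __name__ == "__main__":
    for name, (status, rows) in simulate().items():
        print(f"{name:24s} status={status} rows_remaining={rows}")
    print("\n".join(AUDIT_LOG))
```

The decorator order matters: `login_required` is the outermost wrapper so that `role_required` can assume a user is present, and the method restriction means the reset can no longer be triggered by a GET. The `AUDIT_LOG` entries stand in for whatever structured logging the deployment uses; denied attempts against an administrative route are exactly the signal a detection team wants to alert on while the interim network restrictions described above are in place.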