1. Critical Healthcare App Flaw: Spoofable X-User-ID Header Allows Trivial User Impersonation, Violates HIPAA
A fundamental authentication flaw in a healthcare application's backend exposes protected health information (PHI) to trivial impersonation attacks. The system currently authenticates users by blindly trusting a client-sent `X-User-ID` header. This means any user who knows or can guess a valid UUID—including an adminis...