Company:
Date Published:
Author: David Cramer
Word count: 1822
Language: English
Hacker News points: None

Summary

API Authentication Bypass

The Sentry API authentication bypass vulnerability was discovered on July 20th, 2020, affecting customers who had custom integrations with the platform. A patch was deployed shortly after, and an investigation revealed no evidence of customer data exposure or exploitation in the wild. The forensic challenge came from the lack of association between authentication tokens and requests, which made it difficult to tell valid requests from invalid ones. To overcome this, Sentry used ClickHouse, a database that allows for quick filtering and correlation of log data. By narrowing the scope with techniques such as clustering data by organization and service provider, Sentry reduced the list of potentially affected customers from nearly 4,000 to 462. The investigation also highlighted the need for improvements in metadata management, penetration testing, customer communication, forensic tooling, and automated testing.