Fixing the authentication bypass vulnerability affecting REST APIs