CA API Developer Portal 4.3.1 and previous versions handles shared secret keys in an insecure manner, which allows malicious users to bypass authorization.
broadcom ca api developer portal