shinobi uses insecure access controls. An attacker is able to access the User/Admin/Super
API functions through the use of JS Proto Method names held in an internal JS Object and trick the System into accepting supplied API Key that exists in the underlying JS object.