Originally discovered in Firefox Accounts payments API, the HawkAuth protocol (found in Postman) has an inherent weakness; no payload integrity validation