Description
It's possible to access the APISIX's Admin API by using the default access token. Therefore, an attacker can interact with the server as an administrator which leads to takeover of the server.
Remediation
Change the default access token and restrict access to API