PTC Vuforia Studio does not require a token; this could allow an
attacker with local access to perform a cross-site request forgery
attack or a replay attack.
An attacker with local access to the machine could record the traffic,
which could allow them to resend requests without the server
authenticating that the user or session are valid.