diff --git a/documentation/api/v1/login_api_doc.rb b/documentation/api/v1/login_api_doc.rb
index b100e62383..b28bf6ffff 100644
--- a/documentation/api/v1/login_api_doc.rb
+++ b/documentation/api/v1/login_api_doc.rb
@@ -153,7 +153,7 @@ module LoginApiDoc
 end
 swagger_path '/api/v1/logins/{id}' do
- # Swagger documentation for api/v1/logins/:id GET
+ # Swagger documentation for /api/v1/logins/:id GET
 operation :get do
 key :description, 'Return specific login that is stored in the database.'
 key :tags, [ 'login' ]
diff --git a/lib/msf/core/web_services/servlet/login_servlet.rb b/lib/msf/core/web_services/servlet/login_servlet.rb
index 1a84015c21..1552919abe 100644
--- a/lib/msf/core/web_services/servlet/login_servlet.rb
+++ b/lib/msf/core/web_services/servlet/login_servlet.rb
@@ -21,6 +21,7 @@ module LoginServlet
 def self.get_logins
 lambda {
+ warden.authenticate!
 begin
 sanitized_params = sanitize_params(params, env['rack.request.query_hash'])
 data = get_db.logins(sanitized_params)
@@ -34,6 +35,7 @@ module LoginServlet
 def self.create_login
 lambda {
+ warden.authenticate!
 begin
 opts = parse_json_request(request, false)
 opts[:core][:workspace] = get_db.workspaces(id: opts[:workspace_id]).first
@@ -48,6 +50,7 @@ module LoginServlet
 def self.update_login
 lambda {
+ warden.authenticate!
 begin
 opts = parse_json_request(request, false)
 tmp_params = sanitize_params(params)
@@ -62,6 +65,7 @@ module LoginServlet
 def self.delete_logins
 lambda {
+ warden.authenticate!
 begin
 opts = parse_json_request(request, false)
 data = get_db.delete_logins(opts)
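Review bot: The `warden.authenticate!` guard in the `login_servlet.rb` hunks is copied by hand into each of the four handler lambdas (`get_logins`, `create_login`, `update_login`, `delete_logins`), so a handler added later without the line fails open with nothing to flag it. Consider enforcing it once where these lambdas are mounted (the registration code is not visible in this diff), for example with a Sinatra filter such as `app.before('/api/v1/logins*') { warden.authenticate! }`, assuming `warden` is reachable from filter scope. Failing that, add a request spec per verb asserting that a call without credentials is rejected. The call passes no arguments, so it establishes only that the caller is authenticated; if the web service distinguishes roles, confirm that any authenticated user is meant to update and delete stored logins. Each lambda's `begin` block and its `rescue` end outside the hunks, so the error path was not reviewed.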