# Improper Authentication (CWE-287)

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

**Stack:** Python

- Prevalence: High, frequently exploited
- Impact: Critical (2 critical-severity rules)
- Prevention: Documented (2 fix examples)

**OWASP:** Identification and Authentication Failures (A07:2021-Identification and Authentication Failures) - #7

## Description

Authentication is the process of determining whether a claimed identity is correct. When authentication is insufficient or incorrect, attackers can assume the identity of legitimate users.

## Prevention (1)

Prevention strategies for Improper Authentication, based on Shoulder detection rules.

### Python

Use early returns for authentication failures and constant-time comparison.

## Warning Signs

- [CRITICAL] Authentication checks that can be bypassed due to missing return statements or weak boolean logic

## Consequences

- Gain privileges
- Bypass protection mechanism
- Read application data

## Mitigations

- Use multi-factor authentication
- Use vetted libraries or frameworks for authentication
- Enforce proper password policies

## Detection

- Total rules: 2
- Critical: 2
- Languages: javascript, typescript, python

## Rules by Language

### Python (1 rule)

- **Authentication Bypass Vulnerability** [CRITICAL]: Detects authentication checks that can be bypassed due to missing return statements or weak boolean logic.
  - Remediation: Use early returns for authentication failures to prevent bypass.

```python
if not user or not check_password_hash(user.password_hash, password):
    return jsonify({'error': 'Invalid credentials'}), 401
```

Learn more: https://shoulder.dev/learn/python/cwe-287/authentication-bypass
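The following is an added, self-contained example (not Shoulder's own code) showing the missing-`return` pattern the Python rule flags beside its early-return fix; it stands in for Flask/Werkzeug with a constructed in-memory user store, PBKDF2 hashing and `hmac.compare_digest` for the constant-time comparison the Prevention section calls for.

```python
import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store for the example; a real app would read from a backend.
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "password_hash": _hash_password("correct horse", _SALT)}}


def check_password_hash(stored_hash: bytes, salt: bytes, password: str) -> bool:
    # Constant-time comparison: the time taken does not depend on how many
    # leading bytes of the two digests happen to match.
    return hmac.compare_digest(stored_hash, _hash_password(password, salt))


def login_vulnerable(username: str, password: str) -> tuple[dict, int]:
    """Pattern the rule flags: the failure branch builds an error response
    but never returns it, so every request reaches the success path."""
    user = USERS.get(username)
    if not user or not check_password_hash(user["password_hash"], user["salt"], password):
        response = ({"error": "Invalid credentials"}, 401)  # built, then discarded
    # Missing `return` above: falls through for wrong passwords and unknown users.
    return ({"token": f"session-for-{username}"}, 200)


def login_fixed(username: str, password: str) -> tuple[dict, int]:
    """Remediation: return early on failure, so the success path is reachable
    only after the password check has passed."""
    user = USERS.get(username)
    if not user or not check_password_hash(user["password_hash"], user["salt"], password):
        return ({"error": "Invalid credentials"}, 401)
    return ({"token": f"session-for-{username}"}, 200)


if __name__ == "__main__":
    print("vulnerable, wrong password:", login_vulnerable("alice", "wrong")[1])  # 200
    print("fixed, wrong password:     ", login_fixed("alice", "wrong")[1])       # 401
    print("fixed, right password:     ", login_fixed("alice", "correct horse")[1])  # 200
```

A static rule catches this by looking for a conditional that assigns or constructs an error response without a `return`, `raise` or `abort` on that branch; the fixed form keeps the failure branch as a single early return.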