Improper Authentication (CWE-287) - Security Vulnerability

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Authentication is the process of determining if a claimed identity is correct. When authentication is insufficient or incorrect, attackers can assume the identity of legitimate users.

普及度

高

頻繁に悪用される

影響度

クリティカル

2 件の重大度クリティカルなルール

予防

文書化済み

2 件の修正例

2 予防

この脆弱性の修正方法

2 件の Shoulder 検出ルールに基づく Improper Authentication の予防策。

🟨 JavaScript すべて表示 JavaScript 詳細 →

JWT Decode Used for User Identity (Authentication Bypass) CRITICAL

Use jwt.verify() instead of jwt.decode() when assigning user identity

+3 -1 javascript

- const decoded = jwt.decode(token);
+ const decoded = jwt.verify(token, process.env.JWT_SECRET, {
+   algorithms: ['HS256']
+ });
  req.user = decoded;

🐍 Python すべて表示 Python 詳細 →

Authentication Bypass Vulnerability CRITICAL

Use early returns for authentication failures and constant-time comparison

+8 -7 python

  from flask import request, jsonify
- 
- @app.route('/login', methods=['POST'])
- def login():
-     user = User.query.filter_by(username=request.json['username']).first()
-     if user and user.password == request.json['password']:
-         return jsonify({'token': generate_token(user)})
-     return jsonify({'error': 'Invalid'}), 401
+ from werkzeug.security import check_password_hash
+ 
+ @app.route('/login', methods=['POST'])
+ def login():
+     user = User.query.filter_by(username=request.json['username']).first()
+     if not user or not check_password_hash(user.password_hash, request.json['password']):
+         return jsonify({'error': 'Invalid credentials'}), 401
+     return jsonify({'token': generate_token(user)})

3 検出

コードの脆弱性を見つける

Shoulderを使用してコードのImproper Authenticationパターンをスキャンしましょう。 2 ルール.

ターミナル

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=287

# Or scan entire project
npx @shoulderdev/cli trust .

検出ルール (2)

🟨 Javascript 1 rules

JWT Decode Used for User Identity (Authentication Bypass) CRITICAL

Detects when jwt.decode() output is used for user identity, allowing complete authentication bypass since decode() does not verify signatures.

🔷 Typescript 1 rules

JWT Decode Used for User Identity (Authentication Bypass) CRITICAL

Detects when jwt.decode() output is used for user identity, allowing complete authentication bypass since decode() does not verify signatures.

🐍 Python 1 rules

Authentication Bypass Vulnerability CRITICAL

Detects authentication checks that can be bypassed due to missing return statements or weak boolean logic.

4 警告サイン

コードレビューで注目すべき点

これらのパターンはImproper Authenticationの潜在的な脆弱性を示しています。コードレビューとセキュリティ監査中に探してください。

🔴

when jwt javascript-jwt-unverified-user-identity

🔴

authentication checks that can be bypassed due to missing return statements or weak boolean logic python-authentication-bypass

🔍

コードベースをスキャン: Improper Authentication

Shoulder CLI はコードベース全体から脆弱なパターンを見つけます。

npx shoulder trust すべてのルールを表示