Improper Authentication (CWE-287) - Security Vulnerability

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Authentication is the process of determining if a claimed identity is correct. When authentication is insufficient or incorrect, attackers can assume the identity of legitimate users.

보급률

높음

자주 악용됨

영향

치명적

2개의 치명적 심각도 규칙

예방

문서화됨

2개의 수정 예시

2 예방

이 취약점을 수정하는 방법

2개의 Shoulder 탐지 규칙을 기반으로 한 Improper Authentication 예방 전략.

🟨 JavaScript 모두 보기 JavaScript 자세히 →

JWT Decode Used for User Identity (Authentication Bypass) CRITICAL

Use jwt.verify() instead of jwt.decode() when assigning user identity

+3 -1 javascript

- const decoded = jwt.decode(token);
+ const decoded = jwt.verify(token, process.env.JWT_SECRET, {
+   algorithms: ['HS256']
+ });
  req.user = decoded;

🐍 Python 모두 보기 Python 자세히 →

Authentication Bypass Vulnerability CRITICAL

Use early returns for authentication failures and constant-time comparison

+8 -7 python

  from flask import request, jsonify
- 
- @app.route('/login', methods=['POST'])
- def login():
-     user = User.query.filter_by(username=request.json['username']).first()
-     if user and user.password == request.json['password']:
-         return jsonify({'token': generate_token(user)})
-     return jsonify({'error': 'Invalid'}), 401
+ from werkzeug.security import check_password_hash
+ 
+ @app.route('/login', methods=['POST'])
+ def login():
+     user = User.query.filter_by(username=request.json['username']).first()
+     if not user or not check_password_hash(user.password_hash, request.json['password']):
+         return jsonify({'error': 'Invalid credentials'}), 401
+     return jsonify({'token': generate_token(user)})

3 탐지

코드에서 취약점 찾기

Shoulder를 사용하여 코드에서 Improper Authentication 패턴을 스캔하세요. 2 규칙.

터미널

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=287

# Or scan entire project
npx @shoulderdev/cli trust .

탐지 규칙 (2)

🟨 Javascript 1 rules

JWT Decode Used for User Identity (Authentication Bypass) CRITICAL

Detects when jwt.decode() output is used for user identity, allowing complete authentication bypass since decode() does not verify signatures.

🔷 Typescript 1 rules

JWT Decode Used for User Identity (Authentication Bypass) CRITICAL

Detects when jwt.decode() output is used for user identity, allowing complete authentication bypass since decode() does not verify signatures.

🐍 Python 1 rules

Authentication Bypass Vulnerability CRITICAL

Detects authentication checks that can be bypassed due to missing return statements or weak boolean logic.

4 경고 신호

코드 리뷰에서 주의할 점

이 패턴은 잠재적인 Improper Authentication 취약점을 나타냅니다. 코드 리뷰와 보안 감사 중에 찾아보세요.

🔴

when jwt javascript-jwt-unverified-user-identity

🔴

authentication checks that can be bypassed due to missing return statements or weak boolean logic python-authentication-bypass

🔍

코드베이스를 스캔하세요: Improper Authentication

Shoulder CLI는 전체 코드베이스에서 취약한 패턴을 찾아냅니다.

npx shoulder trust 모든 규칙 보기