# Authentication Bypass Vulnerability

- ID: python-authentication-bypass
- Severity: CRITICAL
- CWE: Improper Authentication (CWE-287)
- Languages: Python
- Frameworks: flask, django, fastapi

## Description

Detects authentication checks that can be bypassed due to missing return statements or weak boolean logic.

## Remediation

Use early returns for authentication failures to prevent bypass.

```python
if not user or not check_password_hash(user.password_hash, password):
    return jsonify({'error': 'Invalid credentials'}), 401
```

Learn more: https://shoulder.dev/learn/python/cwe-287/authentication-bypass

## Related Rules

- **JWT Decode Used for User Identity (Authentication Bypass)** [CRITICAL]:
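
The two bypass patterns named in the Description (a missing return and weak boolean logic) next to the early-return form from the Remediation, as an added example that is not part of the original rule page. It is framework-free: `USERS`, `password_ok` and the `login_*` handlers are hypothetical names, and a stdlib PBKDF2 comparison stands in for `check_password_hash`.

```python
import hashlib
import hmac


def _derive(password: str, salt: bytes) -> bytes:
    # Stdlib stand-in for the hash behind check_password_hash (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store and salt; a real application would query its database.
_SALT = b"constructed-salt"
USERS = {"alice": {"salt": _SALT, "password_hash": _derive("correct horse", _SALT)}}


def password_ok(user, password: str) -> bool:
    if not user:
        return False
    return hmac.compare_digest(user["password_hash"], _derive(password, user["salt"]))


def login_missing_return(username: str, password: str):
    user = USERS.get(username)
    if not user or not password_ok(user, password):
        response = ({"error": "Invalid credentials"}, 401)  # built, never returned
    # Falls through: every caller reaches the success path.
    return {"user": username, "authenticated": True}, 200


def login_weak_logic(username: str, password: str):
    user = USERS.get(username)
    # 'and' rejects only unknown users; a known user with a wrong password passes.
    if not user and not password_ok(user, password):
        return {"error": "Invalid credentials"}, 401
    return {"user": username, "authenticated": True}, 200


def login_hardened(username: str, password: str):
    user = USERS.get(username)
    # Early return on any failure, as in the Remediation snippet.
    if not user or not password_ok(user, password):
        return {"error": "Invalid credentials"}, 401
    return {"user": username, "authenticated": True}, 200


def status_matrix():
    """Status per handler for a good login, a wrong password and an unknown user."""
    cases = [("alice", "correct horse"), ("alice", "wrong"), ("mallory", "wrong")]
    handlers = (login_missing_return, login_weak_logic, login_hardened)
    return {h.__name__: [h(u, p)[1] for u, p in cases] for h in handlers}
```

`status_matrix()` doubles as a regression test shape: each login handler should return 401 for both the wrong-password and the unknown-user case.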