
Improper Authentication

2 rules detect this issue


When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Authentication is the process of determining if a claimed identity is correct. When authentication is insufficient or incorrect, attackers can assume the identity of legitimate users.

Prevalence: Frequently exploited
Impact: Critical (2 rules with critical severity)
Prevention: Documented (2 fix examples)

How to fix this vulnerability

Prevention strategies for Improper Authentication, based on the 2 Shoulder detection rules below.

JWT Decode Used for User Identity (Authentication Bypass) CRITICAL

Use jwt.verify() instead of jwt.decode() when assigning user identity

+3 -1 javascript
- const decoded = jwt.decode(token);
+ const decoded = jwt.verify(token, process.env.JWT_SECRET, {
+   algorithms: ['HS256']
+ });
  req.user = decoded;
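Review bot: the replacement lines call jwt.verify() without a try/catch, and jsonwebtoken's verify throws on an expired, malformed or wrongly signed token (and when the secret argument is undefined, as it would be if JWT_SECRET is unset), so an invalid token would surface as an unhandled exception instead of a 401; wrap the call, return 401 from the catch, and fail at startup if the secret is missing. Pinning `algorithms: ['HS256']` is correct, since it stops the token's own `alg` header from choosing the verification algorithm; passing `issuer`/`audience` as well would validate the claims and not only the signature.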
  
Authentication Bypass Vulnerability CRITICAL

Use early returns for authentication failures and constant-time comparison

+8 -7 python
  from flask import request, jsonify
- 
- @app.route('/login', methods=['POST'])
- def login():
-     user = User.query.filter_by(username=request.json['username']).first()
-     if user and user.password == request.json['password']:
-         return jsonify({'token': generate_token(user)})
-     return jsonify({'error': 'Invalid'}), 401
+ from werkzeug.security import check_password_hash
+ 
+ @app.route('/login', methods=['POST'])
+ def login():
+     user = User.query.filter_by(username=request.json['username']).first()
+     if not user or not check_password_hash(user.password_hash, request.json['password']):
+         return jsonify({'error': 'Invalid credentials'}), 401
+     return jsonify({'token': generate_token(user)})
  
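Review bot: the replacement changes the compared attribute from `user.password` to `user.password_hash`, which implies a model and migration change the hunk does not show; without it every login raises AttributeError or fails. The control flow before and after is equivalent (fall through to 401 versus early 401), so the substantive fix is replacing the plaintext `==` with `check_password_hash`, which performs the constant-time comparison the summary refers to. Both versions still index `request.json['username']` and `['password']` directly, which raises on a missing field or a non-JSON body; prefer `request.get_json(silent=True)` plus `.get()` and return 400 when either is absent.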
4 warning signs

What to look for in code review

These patterns indicate potential Improper Authentication vulnerabilities. Look for them during code review and security audits.

Authentication checks that can be bypassed due to missing return statements or weak boolean logic (rule: python-authentication-bypass)
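The pattern this warning sign describes, shown as an added example that is not part of the Shoulder page or its rules: a login check whose failure branch records an error but forgets to `return`, beside a hardened version that returns early on every failure path and compares password digests in constant time (the point of the Python fix above). The in-memory user store, `hash_password`, `verify_password`, `login_vulnerable` and `login_fixed` are all constructed for this example; Flask is left out so the block runs stand-alone.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed in-memory user store for this example (not from the page):
# passwords are kept as salted PBKDF2-HMAC-SHA256 digests, never plaintext.
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a password; a fresh random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the digest and compare in constant time, so the comparison
    does not leak how many leading bytes matched."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


USERS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": hash_password("correct horse battery staple"),
}

# A dummy record so unknown usernames still cost one PBKDF2 computation;
# otherwise response timing would reveal which usernames exist.
DUMMY_RECORD = hash_password("dummy")


def login_vulnerable(username: str, password: str) -> dict:
    """Bypassable pattern: the failure branch records an error but has no
    `return`, so execution falls through and a token is issued anyway."""
    response: dict = {}
    record = USERS.get(username)
    if record is None or not verify_password(password, *record):
        response["error"] = "Invalid credentials"  # missing `return` here
    response["token"] = f"session-for-{username}"  # reached even on failure
    return response


def login_fixed(username: str, password: str) -> dict:
    """Hardened form: every failure path returns immediately, and the token
    line is only reachable after a successful constant-time password check."""
    salt, expected = USERS.get(username, DUMMY_RECORD)
    password_ok = verify_password(password, salt, expected)  # always runs PBKDF2
    if username not in USERS or not password_ok:
        # One message and status for both failure causes, so the response
        # does not reveal whether the username exists.
        return {"error": "Invalid credentials", "status": 401}
    return {"token": f"session-for-{username}", "status": 200}


if __name__ == "__main__":
    print("vulnerable, wrong password:", login_vulnerable("alice", "nope"))
    print("fixed, wrong password:     ", login_fixed("alice", "nope"))
    print("fixed, correct password:   ", login_fixed("alice", "correct horse battery staple"))
```

Running the block shows `login_vulnerable` handing out a token alongside its own "Invalid credentials" error, which is exactly the fall-through the rule flags; in `login_fixed` the only statement that builds a token sits after every rejecting `return`, so a reviewer can confirm the control flow by reading the function top to bottom.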

Scan your codebase for Improper Authentication

The Shoulder CLI finds vulnerable patterns across your entire codebase.