AWS logo
Amazon CodeGuruDetector Library

Improper authentication High

Failure to verify a user's identity results in improper authentication. This can allow an attacker to acquire privileges to access sensitive data in your application.

Detector ID
python/improper-authentication@v1.0
Category
Common Weakness Enumeration (CWE) external icon

Noncompliant example

1def improper_authentication_noncompliant(token):
2    import jwt
3    # Noncompliant: The verify flag is set to false.
4    jwt.decode(token, verify=False)

Compliant example

1def improper_authentication_compliant(token):
2    import jwt
3    # Compliant: The verify flag is set to true.
4    jwt.decode(token, verify=True)