Improper authentication High

Failure to verify a user's identity results in improper authentication. This can allow an attacker to acquire privileges to access sensitive data in your application.

Detector ID

Noncompliant example

1def improper_authentication_noncompliant(token):
2    import jwt
3    # Noncompliant: The verify flag is set to false.
4    jwt.decode(token, verify=False)

Compliant example

1def improper_authentication_compliant(token):
2    import jwt
3    # Compliant: The verify flag is set to true.
4    jwt.decode(token, verify=True)