Skip to main content

Authenticated route bypass

Description

Some data returned are not well advertised in your schema

Remediation

Update your schema to match the real return types

REST Specific

Asp_net

Ensure that all routes in the ASP.NET application are properly authenticated by implementing and enforcing authentication checks. Use the [Authorize] attribute on controllers and actions to restrict access to authenticated users. Additionally, review and update the routing configuration to prevent unauthorized access to sensitive data. Regularly audit your route authorization logic to ensure it aligns with your security policies.

Ruby_on_rails

Ensure proper authorization checks are in place for each controller action. Use before_action callbacks in your controllers to verify that the current user is permitted to access the route. Additionally, consider using a robust authorization framework like Pundit or CanCanCan to manage permissions more effectively.

Next_js

Ensure all routes are properly authenticated by implementing middleware that verifies user credentials or tokens before processing requests. Use Next.js API routes with built-in or custom authentication checks, and consistently apply these checks across all endpoints to prevent unauthorized access.

Laravel

Ensure that all routes are properly protected by middleware that checks for authentication and authorization. Use Laravel's built-in authentication guards and gate features to control access to routes. Regularly audit your routes file to ensure that new routes adhere to the security policies.

Express_js

Ensure all routes are protected with appropriate middleware that verifies authentication and authorization. Update route handlers to check for user credentials and permissions before processing requests. Regularly audit your route configurations to prevent bypass vulnerabilities.

Django

Ensure that all views that handle sensitive data require proper authentication by using Django's built-in decorators such as @login_required for function-based views or LoginRequiredMixin for class-based views. Additionally, validate that all routes correctly check user permissions and that the Django ORM queries are properly scoped to the authenticated user to prevent unauthorized access.

Symfony

Ensure that all routes in the Symfony application are properly secured by implementing access controls. Use the 'security.yaml' configuration file to define access rules and apply appropriate authentication checks before granting access to sensitive routes. Additionally, validate and sanitize all user inputs to prevent unauthorized data exposure.

Spring_boot

Ensure that all routes are properly secured by configuring Spring Security to authenticate and authorize requests. Use method-level security with annotations like @PreAuthorize to protect controller methods based on roles or permissions. Regularly review your security configuration to prevent bypasses.

Flask

Ensure all Flask routes that require authentication are properly protected by using decorators such as @login_required. Verify that the user is authenticated and authorized to access the route before processing the request. Additionally, review and update route permissions regularly to prevent unauthorized access.

Nuxt

Ensure all routes are properly authenticated by implementing middleware that verifies user credentials before granting access to any sensitive data or actions. Regularly review and update route permissions to align with the principle of least privilege.

Fastapi

Ensure that all routes in the FastAPI application require proper authentication by using dependency injection to incorporate security dependencies into the path operation functions. Additionally, validate that the OpenAPI schema generated by FastAPI accurately reflects all route parameters and responses to prevent undocumented access.

Configuration

Identifier: access_control/auth_bypass

Examples

Ignore this check

checks:
access_control/auth_bypass:
skip: true

Score

  • Escape Severity: LOW

Compliance

  • OWASP: API2:2023

  • pci: 6.5.10

  • gdpr: Article-32

  • soc2: CC1

  • psd2: Article-95

  • iso27001: A.14.2

  • nist: SP800-53

  • fedramp: AC-4

Classification

  • CWE: 285

Score

  • CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • CVSS_SCORE: 6.5