Authenticated route bypass

Description

Some of the data returned by the API is not advertised in your schema.

Remediation

Update your schema to match the real return types.

REST Specific

  • ASP.NET: Ensure that all routes in the ASP.NET application are properly authenticated by implementing and enforcing authentication checks. Use the [Authorize] attribute on controllers and actions to restrict access to authenticated users. Additionally, review and update the routing configuration to prevent unauthorized access to sensitive data. Regularly audit your route authorization logic to ensure it aligns with your security policies.
  • Ruby on Rails: Ensure proper authorization checks are in place for each controller action. Use before_action callbacks in your controllers to verify that the current user is permitted to access the route. Additionally, consider using a robust authorization framework like Pundit or CanCanCan to manage permissions more effectively.
  • Next.js: Ensure all routes are properly authenticated by implementing middleware that verifies user credentials or tokens before processing requests. Use Next.js API routes with built-in or custom authentication checks, and consistently apply these checks across all endpoints to prevent unauthorized access.
  • Laravel: Ensure that all routes are properly protected by middleware that checks for authentication and authorization. Use Laravel's built-in authentication guards and gate features to control access to routes. Regularly audit your routes file to ensure that new routes adhere to the security policies.
  • Express.js: Ensure all routes are protected with appropriate middleware that verifies authentication and authorization. Update route handlers to check for user credentials and permissions before processing requests. Regularly audit your route configurations to prevent bypass vulnerabilities.
  • Django: Ensure that all views that handle sensitive data require proper authentication by using Django's built-in decorators such as @login_required for function-based views or LoginRequiredMixin for class-based views. Additionally, validate that all routes correctly check user permissions and that the Django ORM queries are properly scoped to the authenticated user to prevent unauthorized access.
  • Symfony: Ensure that all routes in the Symfony application are properly secured by implementing access controls. Use the 'security.yaml' configuration file to define access rules and apply appropriate authentication checks before granting access to sensitive routes. Additionally, validate and sanitize all user inputs to prevent unauthorized data exposure.
  • Spring Boot: Ensure that all routes are properly secured by configuring Spring Security to authenticate and authorize requests. Use method-level security with annotations like @PreAuthorize to protect controller methods based on roles or permissions. Regularly review your security configuration to prevent bypasses.
  • Flask: Ensure all Flask routes that require authentication are properly protected by using decorators such as @login_required. Verify that the user is authenticated and authorized to access the route before processing the request. Additionally, review and update route permissions regularly to prevent unauthorized access.
  • Nuxt: Ensure all routes are properly authenticated by implementing middleware that verifies user credentials before granting access to any sensitive data or actions. Regularly review and update route permissions to align with the principle of least privilege.
  • FastAPI: Ensure that all routes in the FastAPI application require proper authentication by using dependency injection to incorporate security dependencies into the path operation functions. Additionally, validate that the OpenAPI schema generated by FastAPI accurately reflects all route parameters and responses to prevent undocumented access.
  • Frappe: Ensure all routes are properly authenticated and authorized by implementing middleware checks in the Frappe framework to validate user permissions before granting access.
  • Genzio: Ensure all routes in the Genzio framework engine are properly authenticated and authorized by updating the schema to accurately reflect access controls and permissions.
  • Gin: Ensure all routes requiring authentication in the Gin framework are properly secured by implementing middleware that verifies user credentials and permissions before granting access.
  • Gorilla: Ensure all routes in the Gorilla framework are properly authenticated and authorized by implementing middleware that checks user permissions before granting access.
  • Hapi: Ensure all routes have proper authentication and authorization checks in place, and validate the returned data against the defined schema using Hapi's Joi validation.
  • Hono: Ensure all routes are properly authenticated and authorized by implementing comprehensive access control checks and updating the schema to accurately reflect the data being returned.
  • Jersey: Ensure that all routes requiring authentication are properly secured by implementing role-based access control and verifying user permissions in the Jersey framework.
  • Koa: Ensure all routes in the Koa framework are properly authenticated by implementing middleware that verifies user credentials before granting access to protected resources.
  • Ktor: Ensure that all routes requiring authentication are properly secured by implementing authentication checks and middleware in the Ktor framework to prevent unauthorized access.
  • Leptos: Ensure that all routes requiring authentication are properly protected by verifying user credentials and session tokens before granting access.
  • Macaron: Ensure that all routes requiring authentication in the Macaron framework are properly protected by middleware, and verify that the returned data aligns with the defined schema to prevent unauthorized access.
  • Phoenix: Ensure that all routes requiring authentication are properly secured by using Phoenix's built-in authentication plugs, and verify that all data returned is explicitly defined in your schema to prevent unauthorized access.
  • RedwoodJS: Ensure that all routes requiring authentication are properly protected by using RedwoodJS's built-in authentication mechanisms, such as the `requireAuth` function, to prevent unauthorized access.
  • Rocket: Ensure all routes in the Rocket framework are properly authenticated by implementing middleware that checks for valid authentication tokens before granting access.
  • SvelteKit: Ensure that all routes requiring authentication in the SvelteKit framework are properly protected by implementing robust access control checks and updating the schema to accurately reflect the data being returned.
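The two controls the remediation keeps asking for, a deny-by-default authentication gate and a check that handlers return only what the schema advertises, shown as a framework-neutral Python sketch. This is an added example, not Escape's code or any of the listed frameworks' APIs; the route table, handlers, schema and public allowlist are all constructed for the demo.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Route:
    method: str
    path: str
    handler: Callable[[Optional[dict]], dict]
    auth_required: bool = True  # deny by default: opting out must be explicit

    @property
    def key(self) -> str:
        return f"{self.method} {self.path}"

# Constructed sample app: handlers, the advertised schema and the route table.
def get_me(user):
    return {"id": user["id"], "email": user["email"]}

def get_health(_user):
    return {"status": "ok"}

def list_users(_user):
    # Returns a field the schema never advertised.
    return {"id": 1, "email": "a@example.test", "password_hash": "<redacted>"}

SCHEMA = {"GET /me": {"id", "email"}, "GET /health": {"status"},
          "GET /admin/users": {"id", "email"}}
PUBLIC = {"GET /health"}  # the only routes allowed to skip authentication
ROUTES = [
    Route("GET", "/me", get_me),
    Route("GET", "/health", get_health, auth_required=False),
    Route("GET", "/admin/users", list_users, auth_required=False),  # misconfigured
]

def dispatch(route: Route, user: Optional[dict]):
    """Authentication gate that runs before any handler."""
    if route.auth_required and user is None:
        return 401, {"error": "unauthorized"}
    return 200, route.handler(user)

def audit(routes, schema, public):
    """Flag routes that skip auth without being allowlisted as public, and
    fields a handler returns that the schema does not advertise."""
    findings = []
    sample_user = {"id": 1, "email": "a@example.test"}
    for r in routes:
        if not r.auth_required and r.key not in public:
            findings.append(f"{r.key}: no authentication and not allowlisted as public")
        _, body = dispatch(r, sample_user)
        extra = sorted(set(body) - schema.get(r.key, set()))
        if extra:
            findings.append(f"{r.key}: returns undocumented fields {extra}")
    return findings
```

Running `audit(ROUTES, SCHEMA, PUBLIC)` reports the misconfigured admin route twice: once for being reachable without authentication, once for leaking a field the schema never lists.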

Configuration

Identifier: access_control/auth_bypass

Examples

Ignore this check

checks:
  access_control/auth_bypass:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API2:2023
  • OWASP LLM: LLM06:2023
  • pci: 6.5.10
  • gdpr: Article-32
  • soc2: CC1
  • psd2: Article-95
  • iso27001: A.14.2
  • nist: SP800-53
  • fedramp: AC-4

Classification

  • CWE: 285

Score

  • CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • CVSS_SCORE: 6.5