Access Control: Auth Bypass

Identifier: auth_bypass

Scanner(s) Support

| GraphQL Scanner | REST Scanner | WebApp Scanner |
|---|---|---|

Description
Authenticated route bypass happens when a part of an application that should be protected from unauthorized access is left reachable because of a flaw in its authentication process. Instead of properly checking whether a user is allowed to access sensitive data or perform a given action, the system lets anyone through. This oversight can allow attackers to reach restricted areas, steal data, or manipulate functionality they shouldn't be able to use. Such vulnerabilities often arise from misconfigured security checks, overlooked edge cases (a single route added without the guard the others use), or inconsistent token validation across endpoints. Developers need to ensure every path and endpoint is protected and that credentials are checked consistently, so that no route is left open by omission.
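The "one route left out" failure mode described above, as an added illustration that is not part of this page or the scanner's own code: a hypothetical service whose protection is opt-in per handler (a forgotten decorator exposes `/admin/users`), the same routes wired deny-by-default with an explicit public allowlist, and a regression audit that flags any non-public route answering an unauthenticated request. All route names, tokens and handlers are constructed for the example.

```python
"""Opt-in vs. deny-by-default route protection, plus an audit that catches the gap."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Set, Tuple

Response = Tuple[int, str]


@dataclass
class Request:
    path: str
    headers: Dict[str, str] = field(default_factory=dict)


# Constructed sample credential; a real service would validate a session or signed token.
VALID_TOKENS: Set[str] = {"alice-session-token"}


def is_authenticated(req: Request) -> bool:
    auth = req.headers.get("Authorization", "")
    return auth.startswith("Bearer ") and auth[len("Bearer "):] in VALID_TOKENS


def requires_auth(handler: Callable[[Request], Response]) -> Callable[[Request], Response]:
    def guarded(req: Request) -> Response:
        return handler(req) if is_authenticated(req) else (401, "unauthorized")
    return guarded


# Vulnerable wiring: each handler must remember to guard itself, so the missing
# decorator on /admin/users silently leaves it open.
VULNERABLE_ROUTES: Dict[str, Callable[[Request], Response]] = {
    "/health": lambda req: (200, "ok"),
    "/profile": requires_auth(lambda req: (200, "profile")),
    "/admin/users": lambda req: (200, "user list"),  # decorator forgotten
}

# Hardened wiring: the dispatcher enforces auth for everything not explicitly public.
PUBLIC_ROUTES: Set[str] = {"/health"}
HARDENED_ROUTES: Dict[str, Callable[[Request], Response]] = {
    "/health": lambda req: (200, "ok"),
    "/profile": lambda req: (200, "profile"),
    "/admin/users": lambda req: (200, "user list"),
}


def serve_opt_in(req: Request) -> Response:
    handler = VULNERABLE_ROUTES.get(req.path)
    return handler(req) if handler else (404, "not found")


def serve_deny_by_default(req: Request) -> Response:
    handler = HARDENED_ROUTES.get(req.path)
    if handler is None:
        return 404, "not found"
    if req.path not in PUBLIC_ROUTES and not is_authenticated(req):
        return 401, "unauthorized"
    return handler(req)


def audit_unauthenticated(serve, paths, public: Set[str]) -> Set[str]:
    """Regression check: every non-public path must reject a request with no credentials."""
    return {p for p in paths if p not in public and serve(Request(p))[0] != 401}
```

Running the audit over the route table in CI turns a silently exposed endpoint into a failing build instead of a finding discovered later by a scanner.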
Configuration

Example

Example configuration:

Reference

assets_allowed

Type: List[AssetType]

List of assets that this check will cover.

skip

Type: boolean

Skip the test if true.