CWE-287 Improper Authentication
What this means
SiteShadow flagged an authentication pattern that can be bypassed or behaves incorrectly (missing checks, "trust the client" auth, weak token validation, or inconsistent auth across endpoints).
Why it matters
Improper authentication can allow unauthorized access, for example:
- Account takeover if attackers can bypass login or session checks.
- Privilege escalation if "admin-only" endpoints don't consistently enforce auth.
- Data exposure when "optional auth" returns extra data to unauthenticated users.
Safer examples
1) Centralize auth middleware and make it default
Prefer "authenticated unless explicitly public."
2) Validate tokens/credentials robustly
- Verify signatures (JWT/session tokens)
- Validate expiry, issuer, audience where applicable
- Rotate/revoke tokens on suspicious activity
3) Test auth boundaries
Add integration tests that assert 401/403 for unauthenticated requests to sensitive endpoints.
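The three points above (default-deny middleware, strict token validation, and tests that assert 401/403) as one runnable sketch. This is an added example, not SiteShadow's own code or output; it uses a framework-free router and a simplified HMAC-signed token rather than a real JWT library, and every route, role, key and claim value in it is constructed for illustration.

```python
"""Default-deny auth gate with strict token validation (added example).

Not SiteShadow code. Routes, roles, the signing key and the issuer/audience
strings are constructed placeholders; a real service loads them from config.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SIGNING_KEY = b"example-signing-key-not-for-production"  # constructed
ISSUER = "example-auth"                                   # constructed
AUDIENCE = "example-api"                                  # constructed


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Serialize claims and append an HMAC-SHA256 tag (JWT-like, simplified)."""
    body = _b64url(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(tag)}"


def verify_token(token: str, key: bytes = SIGNING_KEY,
                 now: Optional[float] = None) -> Optional[dict]:
    """Return claims only if signature, expiry, issuer and audience all check out."""
    now = time.time() if now is None else now
    try:
        body, tag = token.split(".", 1)
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        # Check the signature in constant time before trusting any claim.
        if not hmac.compare_digest(expected, _unb64url(tag)):
            return None
        claims = json.loads(_unb64url(body))
    except ValueError:  # bad base64, bad UTF-8, bad JSON, missing separator
        return None
    if not isinstance(claims, dict):
        return None
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return None
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        return None
    return claims


# Route table: every route is protected unless it explicitly opts out.
ROUTES = {
    ("GET", "/health"): {"handler": lambda c: {"ok": True}, "public": True},
    ("GET", "/me"): {"handler": lambda c: {"user": c["sub"]}},
    ("DELETE", "/admin/users"): {"handler": lambda c: {"deleted": True},
                                 "roles": {"admin"}},
}


def dispatch(method: str, path: str, headers: dict,
             now: Optional[float] = None):
    """Central gate that runs before every handler; returns (status, body)."""
    route = ROUTES.get((method, path))
    if route is None:
        return 404, {"error": "not found"}
    claims = None
    if not route.get("public"):
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return 401, {"error": "authentication required"}
        claims = verify_token(auth[len("Bearer "):], now=now)
        if claims is None:
            return 401, {"error": "invalid or expired token"}
        required = route.get("roles")
        if required and not required & set(claims.get("roles", [])):
            return 403, {"error": "forbidden"}
    return 200, route["handler"](claims)


def check_auth_boundaries(now: Optional[float] = None) -> dict:
    """Boundary test: every non-public route must answer 401 to an anonymous call."""
    return {path: dispatch(method, path, {}, now)[0]
            for (method, path), route in ROUTES.items()
            if not route.get("public")}
```

Because the gate is a single function in front of the route table, a new route is protected by default and only becomes reachable anonymously by stating `public=True`; `check_auth_boundaries` is the kind of assertion an integration suite can run over the whole table so a newly added sensitive route cannot silently ship unguarded.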
How SiteShadow detects it (high level)
- Identifies sensitive routes/handlers and checks for common auth middleware/guards.
- Flags inconsistent auth enforcement (some routes guarded, others not) for similar operations.
References
- CWE-287: https://cwe.mitre.org/data/definitions/287.html