SiteShadow
Back to vulnerability library
Detected bySecure-coding-practice checks (SCP)Pro

SCP03 Authentication and Password Management

What this means

SiteShadow flagged authentication and password handling patterns that are weak, inconsistent, or easy to bypass (weak password storage, missing MFA/lockouts, insecure reset flows, over-trusting client state).

Why it matters

Weak authentication enables account takeover and credential abuse.

Safer examples

1) Store passwords with a password hashing algorithm

import bcrypt

pw_hash = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())

2) Rate limit and lock out repeated failures

Limit by user and IP; add progressive delays for repeated failures (see RATE01-02 / CWE-799).

3) Make reset tokens high-entropy and short-lived

Use CSPRNG tokens, single-use, expiry, and bind to the account.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.