Improper Authentication High

Failing to properly verify user identities and authenticate them against strong credentials enables attackers to bypass authentication controls. Weaknesses such as hardcoded, empty, or missing credential checks allow unauthorized access to systems and data. User identities must be verified against secure credentials retrieved from environment variables, secret vaults, or similar sources before access is granted. Proper authentication controls, including verification of credential strength, are essential to prevent malicious logins and account compromise.

Detector ID
kotlin/improper-authentication@v1.0
Category
Common Weakness Enumeration (CWE)
Tags
-

Noncompliant example

import java.util.Hashtable
import javax.naming.Context
import javax.naming.directory.DirContext
import javax.naming.directory.InitialDirContext

// Noncompliant: permitting anonymous users to execute LDAP statements
fun noncompliant(env: Hashtable<String, Any>) {
    env.put(Context.SECURITY_AUTHENTICATION, "none")  // anonymous bind: no identity is verified
    val ctx: DirContext = InitialDirContext(env)
}

Compliant example

import java.util.Hashtable
import javax.naming.Context
import javax.naming.directory.DirContext
import javax.naming.directory.InitialDirContext

// Compliant: enforcing authentication for LDAP statements
fun compliant(env: Hashtable<String, Any>) {
    env.put(Context.SECURITY_AUTHENTICATION, "simple")  // bind with SECURITY_PRINCIPAL and SECURITY_CREDENTIALS
    val ctx: DirContext = InitialDirContext(env)
}
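Setting SECURITY_AUTHENTICATION to "simple" is only half of the fix: the bind DN and password must also be present, since a simple bind with an empty password is an unauthenticated bind (RFC 4513, section 5.1.2) that most directories treat like an anonymous one. The following is an added example, not code from the detector page, showing the compliant pattern with credentials read from environment variables; the variable names LDAP_URL, LDAP_BIND_DN and LDAP_BIND_PASSWORD and the ldaps:// requirement are assumptions made for this example.

```kotlin
import java.util.Hashtable
import javax.naming.Context
import javax.naming.directory.DirContext
import javax.naming.directory.InitialDirContext

// Builds the JNDI environment for an authenticated LDAP bind.
// Environment variable names are assumptions for this example; any secret store works the same way.
// Fails fast on a missing or empty DN/password so that an unauthenticated bind is never attempted.
fun ldapEnvironment(
    url: String = System.getenv("LDAP_URL") ?: "",
    bindDn: String? = System.getenv("LDAP_BIND_DN"),
    bindPassword: String? = System.getenv("LDAP_BIND_PASSWORD"),
): Hashtable<String, Any> {
    // Assumption for this example: require TLS so the simple-bind password is not sent in clear text.
    require(url.startsWith("ldaps://")) { "LDAP_URL must use ldaps://" }
    require(!bindDn.isNullOrBlank()) { "LDAP_BIND_DN is missing or empty" }
    // An empty password with "simple" would be an unauthenticated (effectively anonymous) bind.
    require(!bindPassword.isNullOrEmpty()) { "LDAP_BIND_PASSWORD is missing or empty" }

    return Hashtable<String, Any>().apply {
        put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory")
        put(Context.PROVIDER_URL, url)
        put(Context.SECURITY_AUTHENTICATION, "simple")
        put(Context.SECURITY_PRINCIPAL, bindDn)
        put(Context.SECURITY_CREDENTIALS, bindPassword)
    }
}

// Opens the directory context only after the credential checks above have passed.
fun openDirectory(): DirContext = InitialDirContext(ldapEnvironment())

fun main() {
    // Constructed inputs: a blank password must be rejected before any network bind happens.
    runCatching {
        ldapEnvironment("ldaps://ldap.example.internal:636", "cn=svc,dc=example,dc=com", "")
    }.onFailure { println("rejected: ${it.message}") }
}
```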