Avoid observable authentication response discrepancy (Python)

CRITICAL

Rule Definition
When the product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, security-relevant information about the state of the product can be exposed such as whether a particular operation was successful or not.

Remediation
Ensure that error messages only contain minimal details that are useful to the intended audience and no one else.

Violation Code Sample

username = input("Enter your username:") password = input("Enter your password:") if valid_username(username): if valid_password(username, password): print("Login Succesful") else: print("Login Failed - incorrect password") else: print("Login Failed - unknown username")

Fixed Code Sample

username = input("Enter your username:") password = input("Enter your password:") if valid_password(username, password): print("Login Succesful") else: print("Login Failed - incorrect username or password")

Reference

CWE-204: Observable Response Discrepancy https://cwe.mitre.org/data/definitions/204.html

Related Technologies

Health Factor

Security

Technical Criterion
OWASP-2017-A3 - Sensitive Data Exposure

About CAST Appmarq

CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.

Benchmark Statistics

Global Compliance

nan%

Total Violations

0

Total Opportunities

0

Average Violations / App.

nan

The compliance score represents 1 minus the ratio between the number of times a rule has been violated compared to the number of opportunities in a set of applications that the rule could have been violated.

Industry Insights

Want more stats? Register now!