
CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 439

439 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
Mitigations (1)
Architecture and Design: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register, called COPY_OF_SECURE_ME, is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select agents, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…
module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
  output [31:0] data_out;
  input  [31:0] data_in, incoming_id, address;
  input         clk, rst_n;
  wire write_auth, addr_auth;
  reg  [31:0] data_out, acl_oh_allowlist, q;

  // write_auth: the requesting agent's one-hot ID must match a bit in the allowlist
  assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
  always @* acl_oh_allowlist <= 32'h8312;

  // addr_auth: only the primary address 0xF00 is decoded here; the mirror at
  // 0x800F00 is not, so writes arriving through it are not gated by the allowlist
  assign addr_auth = (address == 32'hF00) ? 1 : 0;

  always @ (posedge clk or negedge rst_n)
    if (!rst_n) begin
      q        <= 32'h0;
      data_out <= 32'h0;
    end else begin
      q        <= (addr_auth & write_auth) ? data_in : q;
      data_out <= q;
    end
endmodule
Informative · Verilog
assign addr_auth = (address == 32'hF00) ? 1 : 0;
Bad · Verilog
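An added example, not part of the MITRE entry or this page: a C model of the decode above, with the mirror-blind check beside a version that folds the alias onto the canonical address before a single allowlist check (the "choke point" named in the mitigation). The register file, function names and the canonicalization step are assumptions of this model; the addresses and the allowlist value come from the Verilog.

```c
#include <stdint.h>
#include <stdbool.h>
/* Addresses and allowlist value taken from the page's Verilog example. */
#define SECURE_ME          0x000F00u
#define COPY_OF_SECURE_ME  0x800F00u
#define ACL_OH_ALLOWLIST   0x8312u   /* one-hot agent IDs permitted to write */
/* Both addresses are windows onto the same storage (constructed model). */
typedef struct { uint32_t secure_me; } regfile_t;

/* write_auth from the Verilog: some allowlisted one-hot bit is set in incoming_id. */
static bool write_auth(uint32_t incoming_id) {
    return (incoming_id & ACL_OH_ALLOWLIST) != 0;
}

/* Weak decoder: the allowlist check is tied to the primary address only, so the
 * mirror is an alternate channel that reaches the register unchecked (CWE-288). */
bool write_weak(regfile_t *rf, uint32_t addr, uint32_t incoming_id, uint32_t data) {
    if (addr == SECURE_ME) {
        if (!write_auth(incoming_id)) return false;
        rf->secure_me = data;
        return true;
    }
    if (addr == COPY_OF_SECURE_ME) {       /* mirror path: no check */
        rf->secure_me = data;
        return true;
    }
    return false;                           /* not a decoded register */
}

/* Hardened decoder: every alias is folded onto the canonical register first, so a
 * single check covers all paths; a new alias can only be added through this table. */
static bool canonical(uint32_t addr, uint32_t *out) {
    switch (addr) {
    case SECURE_ME:
    case COPY_OF_SECURE_ME:
        *out = SECURE_ME;
        return true;
    default:
        return false;
    }
}

bool write_hardened(regfile_t *rf, uint32_t addr, uint32_t incoming_id, uint32_t data) {
    uint32_t canon;
    if (!canonical(addr, &canon)) return false;   /* unknown address */
    if (!write_auth(incoming_id)) return false;   /* one gate for every alias */
    rf->secure_me = data;                         /* canon == SECURE_ME here */
    return true;
}
```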
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2024-46887 | Siemens SIMATIC S7-1500 CPU security vulnerability | SIMATIC Drive Controller CPU 1504D TF | 5.3 | Medium | 2024-10-08
CVE-2024-8943 | LatePoint <= 5.0.12 - Authentication Bypass | LatePoint Plugin | 9.8 | Critical | 2024-10-08
CVE-2024-9289 | WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation | WordPress & WooCommerce Affiliate Program | 9.8 | Critical | 2024-10-01
CVE-2024-9106 | Wechat Social login <= 1.3.0 - Authentication Bypass | Wechat Social login 微信QQ钉钉登录插件 | 9.8 | Critical | 2024-10-01
CVE-2024-7781 | Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover | Jupiter X Core | 8.1 | High | 2024-09-26
CVE-2024-43692 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Authentication Bypass Using an Alternate Path or Channel | ProGauge MAGLINK LX CONSOLE | 9.8 | Critical | 2024-09-24
CVE-2024-8277 | WooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege Escalation | WooCommerce Photo Reviews Premium | 9.8 | Critical | 2024-09-11
CVE-2024-8012 | Ivanti Workspace Control security vulnerability | Workspace Control | 7.8 | High | 2024-09-10
CVE-2024-41173 | Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD | IPC Diagnostics package | 7.8 | High | 2024-08-27
CVE-2024-7125 | Authentication Bypass Vulnerability in Hitachi Ops Center Common Services | Hitachi Ops Center Common Services | 7.8 | High | 2024-08-27
CVE-2024-35151 | IBM OpenPages information disclosure | OpenPages with Watson | 6.5 | Medium | 2024-08-22
CVE-2024-35214 | Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows | CylanceOPTICS for Windows | 7.1 (AI) | High (AI) | 2024-08-20
CVE-2024-7628 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Account Takeover | MStore API – Create Native Android & iOS Apps On The Cloud | 8.1 | High | 2024-08-15
CVE-2024-35124 | IBM OpenBMC authentication bypass | OpenBMC | 7.5 | High | 2024-08-13
CVE-2024-6684 | Authentication Bypass in GST Electronics' inohom Nova Panel N7 | inohom Nova Panel N7 | 9.8 (AI) | Critical (AI) | 2024-08-12
CVE-2024-7503 | WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover | WooCommerce - Social Login | 9.8 | Critical | 2024-08-10
CVE-2024-7350 | Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | 9.8 | Critical | 2024-08-08
CVE-2024-7314 | anji-plus AJ-Report Authentication Bypass | AJ-Report | 9.8 | Critical | 2024-08-02
CVE-2024-7007 | Authentication Bypass Using an Alternate Path or Channel in Positron Broadcast Signal Processor TRA7005 | Broadcast Signal Processor TRA7005 | 9.8 (AI) | Critical (AI) | 2024-07-25
CVE-2024-7027 | WooCommerce - PDF Vouchers <= 4.9.3 - Authentication Bypass to Voucher Vendor | WooCommerce - PDF Vouchers | 7.3 | High | 2024-07-24
CVE-2024-38437 | D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel | DSL-225 | 9.8 | Critical | 2024-07-21
CVE-2024-6635 | WooCommerce - Social Login <= 2.7.3 - Unauthenticated Authentication Bypass | WooCommerce - Social Login | 7.3 | High | 2024-07-20
CVE-2024-5620 | Authentication Bypass in PruvaSoft Informatics' Apinizer Management Console | Apinizer Management Console | 6.5 | Medium | 2024-07-18
CVE-2024-6328 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.14.7 - Authentication Bypass | MStore API – Create Native Android & iOS Apps On The Cloud | 9.8 | Critical | 2024-07-12
CVE-2024-6397 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.44 - Authentication Bypass to Admin | InstaWP Connect – 1-click WP Staging & Migration | 9.8 | Critical | 2024-07-11
CVE-2024-39309 | ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability | parse-server | 9.8 | Critical | 2024-07-01
CVE-2024-28200 | N-central Authentication Bypass | N-central | 9.1 | Critical | 2024-07-01
CVE-2024-5322 | N-central Authentication Bypass via Session Rebinding | N-central | 9.1 | Critical | 2024-07-01
CVE-2024-2973 | Session Smart Router (SSR): On redundant router deployments API authentication can be bypassed | Session Smart Router | 10.0 | Critical | 2024-06-27
CVE-2024-31916 | IBM OpenBMC information disclosure | OpenBMC | 7.5 | High | 2024-06-27

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.