Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-288 (使用候选路径或通道进行的认证绕过) — Vulnerability Class 439

439 vulnerabilities classified as CWE-288 (使用候选路径或通道进行的认证绕过). AI Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences (1)
Access ControlBypass Protection Mechanism
Mitigations (1)
Architecture and DesignFunnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…
module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n); output [31:0] data_out; input [31:0] data_in, incoming_id, address; input clk, rst_n; wire write_auth, addr_auth; reg [31:0] data_out, acl_oh_allowlist, q; assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0; always @* acl_oh_allowlist <= 32'h8312; assign addr_auth = (address == 32'hF00) ? 1: 0; always @ (posedge clk or negedge rst_n) if (!rst_n) begin q <= 32'h0; data_out <= 32'h0; end else begin q <= (addr_auth & write_auth) ? data_in: q; data_out <= q; end end endmodule
Informative · Verilog
assign addr_auth = (address == 32'hF00) ? 1: 0;
Bad · Verilog
CVE IDTitleCVSSSeverityPublished
CVE-2024-5432 Lifeline Donation <= 1.2.6 - Authentication Bypass — Lifeline Donation 9.8 Critical2024-06-20
CVE-2024-3496 Authentication Bypass Vulnerability — Toshiba Tec e-Studio multi-function peripheral (MFP) 8.8 High2024-06-14
CVE-2024-38279 Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) — Vigilant Fixed LPR Coms Box (BCAV1F2-C600) 4.6AIMediumAI2024-06-13
CVE-2024-2012 Hitachi FOXMAN-UN 安全漏洞 — FOXMAN-UN 9.1 Critical2024-06-11
CVE-2024-2013 Hitachi FOXMAN-UN 安全漏洞 — FOXMAN-UN 10.0 Critical2024-06-11
CVE-2024-4552 Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass — Social Login Lite For WooCommerce 9.8 Critical2024-06-04
CVE-2024-36470 JetBrains TeamCity 安全漏洞 — TeamCity 8.1 High2024-05-29
CVE-2024-5150 Login with phone number <= 1.7.26 - Authentication Bypass due to Missing Empty Value Check — OTP Login With Phone Number, OTP Verification 9.8 Critical2024-05-29
CVE-2024-5204 Swiss Toolkit For WP <= 1.0.7 - Authenticated (Contributor+) Authentication Bypass — Swiss Toolkit For WP 8.8 High2024-05-29
CVE-2024-4544 Pie Register - Social Sites Login (Add on) <= 1.7.7 - Authentication Bypass — Pie Register - Social Sites Login (Add on) 9.8 Critical2024-05-24
CVE-2024-4393 Social Connect <= 1.2 - Authentication Bypass — Social Connect 9.8 Critical2024-05-08
CVE-2024-4186 Edwiser Bridge <= 3.0.5 - Authentication Bypass due to Missing Empty Value Check — Edwiser Bridge – WordPress Moodle Integration 9.8 Critical2024-05-07
CVE-2024-31463 Ironic-image allows unauthenticated local access to Ironic API — ironic-image 4.7 Medium2024-04-17
CVE-2024-1646 Authentication Bypass in parisneo/lollms-webui — parisneo/lollms-webui 9.8 -2024-04-16
CVE-2024-2056 Artica Proxy Loopback Services Remotely Accessible Unauthenticated — Artica Proxy 7.5AIHighAI2024-03-05
CVE-2024-2055 Artica Proxy Unauthenticated File Manager Vulnerability — Artica Proxy 9.8AICriticalAI2024-03-05
CVE-2024-27198 JetBrains TeamCity 安全漏洞 — TeamCity 9.8 Critical2024-03-04
CVE-2024-1525 Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLab 5.3 Medium2024-02-21
CVE-2024-1709 Authentication bypass using an alternate path or channel — ScreenConnect 10.0 Critical2024-02-21
CVE-2024-21491 svix 安全漏洞 — svix 5.9 Medium2024-02-13
CVE-2024-23917 JetBrains TeamCity 安全漏洞 — TeamCity 9.8 Critical2024-02-06
CVE-2023-6718 Authentication Bypass Using an Alternate Path or Channel in Repox — Repox 9.4 Critical2023-12-13
CVE-2023-2437 UserPro <= 5.1.1 - Authentication Bypass to Administrator — UserPro - Community and User Profile WordPress Plugin 9.8 Critical2023-11-22
CVE-2023-42770 Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel — ST-IPm-8460 10.0 Critical2023-11-21
CVE-2023-3277 MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation — MStore API – Create Native Android & iOS Apps On The Cloud 9.8 Critical2023-11-03
CVE-2023-41351 Chunghwa Telecom NOKIA G-040W-Q - Broken Access Control — NOKIA G-040W-Q 9.8 Critical2023-11-03
CVE-2023-20247 Cisco Firepower Threat Defense 安全漏洞 — Cisco Adaptive Security Appliance (ASA) Software 5.0 Medium2023-11-01
CVE-2023-46747 BIG-IP Configuration utility unauthenticated remote code execution vulnerability — BIG-IP 9.8 Critical2023-10-26
CVE-2023-39930 PingFederate PingID Radius PCV Authentication Bypass — PingID Radius PCV 7.5 High2023-10-24
CVE-2023-39231 PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass — PingOne MFA Integration Kit 7.3 High2023-10-24

Vulnerabilities classified as CWE-288 (使用候选路径或通道进行的认证绕过) represent 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.