CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 439

439 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
Mitigations (1)
Architecture and Design: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…
module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
  output [31:0] data_out;
  input  [31:0] data_in, incoming_id, address;
  input         clk, rst_n;
  wire          write_auth, addr_auth;
  reg    [31:0] data_out, acl_oh_allowlist, q;
  // A write is authorized when any bit of incoming_id matches the one-hot allowlist.
  assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
  always @*
    acl_oh_allowlist <= 32'h8312;
  // Only address 0xF00 (SECURE_ME) is compared here.
  assign addr_auth = (address == 32'hF00) ? 1: 0;
  always @ (posedge clk or negedge rst_n)
  begin
    if (!rst_n)
      begin
        q <= 32'h0;
        data_out <= 32'h0;
      end
    else
      begin
        // q is updated only when both the address and the requester are authorized.
        q <= (addr_auth & write_auth) ? data_in: q;
        data_out <= q;
      end
  end
endmodule
Informative · Verilog
assign addr_auth = (address == 32'hF00) ? 1: 0;
Bad · Verilog
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-22495 | Izanami is vulnerable to Authorization Bypass — izanami | 9.8 | Critical | 2023-01-14 |
| CVE-2022-42277 | NVIDIA DGX access control error vulnerability — NVIDIA DGX servers | 7.5 | High | 2023-01-13 |
| CVE-2022-42276 | NVIDIA DGX access control error vulnerability — NVIDIA DGX servers | 7.5 | High | 2023-01-13 |
| CVE-2022-42275 | NVIDIA BMC access control error vulnerability — NVIDIA DGX servers | 7.7 | High | 2023-01-13 |
| CVE-2022-27510 | Unauthorized access to Gateway user capabilities — Citrix Gateway, Citrix ADC | 9.8 | Critical | 2022-11-08 |
| CVE-2022-26870 | Dell EMC PowerStore authorization issue vulnerability — PowerStore | 7.0 | High | 2022-10-21 |
| CVE-2022-23767 | SecureGate authentication bypass vulnerability — SecureGate | 8.8 | High | 2022-09-19 |
| CVE-2022-36093 | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard — xwiki-platform | 8.5 | High | 2022-09-08 |
| CVE-2022-34372 | Dell PowerProtect Cyber Recovery authorization issue vulnerability — Cyber Recovery | 9.8 | Critical | 2022-09-01 |
| CVE-2022-2031 | Samba authorization issue vulnerability — samba | 8.8 | - | 2022-08-25 |
| CVE-2022-35869 | Inductive Automation Ignition authorization issue vulnerability — Ignition | 9.8 | - | 2022-07-25 |
| CVE-2022-30623 | Chcnav - P5E GNSS Authentication bypass — Chcnav - P5E GNSS | 5.9 | Medium | 2022-07-18 |
| CVE-2021-35530 | User authentication bypass in TXpert Hub CoreTec 4 — TXpert Hub CoreTec 4 version | 6.0 | Medium | 2022-06-07 |
| CVE-2022-31022 | Missing Role Based Access Control for the REST handlers in bleve/http package — bleve | 6.2 | Medium | 2022-06-01 |
| CVE-2022-26865 | DELL SupportAssist OS Recovery authorization issue vulnerability — Dell OS Recovery Tool | 6.8 | Medium | 2022-05-26 |
| CVE-2021-32958 | Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel — Secure Remote Access (SRA) Site | 5.5 | Medium | 2022-05-23 |
| CVE-2022-1681 | Authentication Bypass Using an Alternate Path or Channel in requarks/wiki — requarks/wiki | 7.2 | - | 2022-05-12 |
| CVE-2021-31559 | S2S TcpToken authentication bypass — Splunk Enterprise | 7.5 | High | 2022-05-06 |
| CVE-2022-23723 | PingFederate PingOneMFA Integration Kit MFA Bypass — PingFederate PingOne MFA Integration Kit | 7.7 | High | 2022-05-02 |
| CVE-2022-23722 | PingFederate Password Reset via Authentication API Mishandling — PingFederate | 6.5 | - | 2022-05-02 |
| CVE-2021-3897 | Lenovo Fan Power Controller2 authorization issue vulnerability — Fan Power Controller2 (FPC2) | 9.8 | Critical | 2022-04-22 |
| CVE-2021-3849 | Lenovo Fan Power Controller2 and Lenovo System Management Module authorization issue vulnerability — Fan Power Controller2 (FPC2) | 9.8 | Critical | 2022-04-22 |
| CVE-2022-0992 | SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup — Security Optimizer – The All-In-One Protection Plugin | 9.8 | Critical | 2022-04-19 |
| CVE-2022-22189 | Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication — Contrail Service Orchestration | 7.3 | High | 2022-04-14 |
| CVE-2022-1067 | ICSMA-22-095-01 LifePoint Informatics Patient Portal — Patient Portal | 6.5 | Medium | 2022-04-11 |
| CVE-2021-32986 | Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel — CLICK PLC CPU Modules: C0-1x CPUs | 9.8 | Critical | 2022-04-04 |
| CVE-2021-32984 | Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel — CLICK PLC CPU Modules: C0-1x CPUs | 9.8 | Critical | 2022-04-04 |
| CVE-2021-32980 | Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel — CLICK PLC CPU Modules: C0-1x CPUs | 9.8 | Critical | 2022-04-04 |
| CVE-2022-24813 | Authentication Bypass Using an Alternate Path or Channel in CreateWiki — CreateWiki | 5.3 | Medium | 2022-04-04 |
| CVE-2022-24047 | Track-It! authorization issue vulnerability — Track-It! | 9.8 | - | 2022-02-18 |

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.