CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 439

439 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
Mitigations (1)
Architecture and Design: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…
    module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
      output [31:0] data_out;
      input  [31:0] data_in, incoming_id, address;
      input         clk, rst_n;
      wire          write_auth, addr_auth;
      reg    [31:0] data_out, acl_oh_allowlist, q;
      // A write is authorized when incoming_id matches a bit set in the allowlist.
      assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
      always @*
        acl_oh_allowlist <= 32'h8312;
      // Only address 0xF00 (SECURE_ME) is compared here.
      assign addr_auth = (address == 32'hF00) ? 1: 0;
      always @ (posedge clk or negedge rst_n)
        if (!rst_n)
          begin
            q <= 32'h0;
            data_out <= 32'h0;
          end
        else
          begin
            // q is updated only when both the address and the ID checks pass.
            q <= (addr_auth & write_auth) ? data_in: q;
            data_out <= q;
          end
    endmodule
Informative · Verilog
assign addr_auth = (address == 32'hF00) ? 1: 0;
Bad · Verilog
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-34977 | NETGEAR R7000 authorization issue vulnerability | R7000 | 8.8 | - | 2022-01-13 |
| CVE-2021-33017 | Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel | IntelliBridge EC 40 Hub | 8.1 | High | 2021-12-27 |
| CVE-2021-43985 | mySCADA myPRO | myPRO | 9.1 | Critical | 2021-12-23 |
| CVE-2021-21952 | Eufy Anker Eufy Homebase authorization issue vulnerability | Anker | 9.8 | - | 2021-12-22 |
| CVE-2021-27453 | Mesa Labs AmegaView authentication bypass | AmegaView | 7.3 | High | 2021-12-21 |
| CVE-2021-43935 | ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products | Welch Allyn Q-Stress Cardiac Stress Testing System | 8.1 | High | 2021-12-15 |
| CVE-2021-36308 | Dell Networking OS10 authorization issue vulnerability | Networking OS | 5.9 | Medium | 2021-11-20 |
| CVE-2021-41292 | ECOA BAS controller - Broken Authentication | ECS Router Controller ECS (FLASH) | 9.8 | Critical | 2021-09-30 |
| CVE-2021-33700 | SAP Business One authorization issue vulnerability | SAP Business One | 7.8 | - | 2021-09-15 |
| CVE-2021-32967 | Delta Electronics DIAEnergie authorization issue vulnerability | Delta Electronics DIAEnergie | 9.8 | - | 2021-08-30 |
| CVE-2021-28131 | Impala logs contain secrets | Apache Impala | 8.8 | - | 2021-07-22 |
| CVE-2020-27865 | D-Link DAP-1860 and TCP authorization issue vulnerability | DAP-1860 | 8.8 | - | 2021-02-11 |
| CVE-2020-27866 | Authorization issue vulnerability in multiple Netgear products | Multiple Routers | 8.8 | - | 2021-02-11 |
| CVE-2020-27863 | D-Link DVA-2800 and DSL-2888A authorization issue vulnerability | Multiple Routers | 6.5 | - | 2021-02-11 |
| CVE-2020-13185 | Teradici Cloud Access Connector security vulnerability | Cloud Access Connector; Cloud Access Connector Legacy | 7.5 | - | 2021-02-11 |
| CVE-2020-10048 | SIMATIC PCS 7 and SIMATIC WinCC authorization issue vulnerability | SIMATIC PCS 7 | 7.1 | - | 2021-02-09 |
| CVE-2020-10148 | SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands | Orion Platform | 9.8 | - | 2020-12-29 |
| CVE-2020-17409 | mini_httpd security vulnerability | Multiple Routers | 6.5 | - | 2020-10-13 |
| CVE-2020-10283 | RVD#3317: MAVLink version handshaking allows for an attacker to bypass authentication | MAVLink | 9.8 | - | 2020-08-20 |
| CVE-2020-5384 | RSA MFA Agent authorization issue vulnerability | RSA Authentication Agent for Microsoft Windows | 8.4 | High | 2020-07-31 |
| CVE-2020-15633 | D-Link DIR-867 and DIR-878 security vulnerability | Multiple Routers | 8.8 | - | 2020-07-23 |
| CVE-2020-14485 | OpenClinic GA authorization issue vulnerability | OpenClinic GA | 9.8 | - | 2020-07-20 |
| CVE-2020-14477 | Philips Ultrasound Systems Authentication Bypass Using an Alternate Path or Channel | Ultrasound ClearVue | 3.6 | Low | 2020-06-26 |
| CVE-2020-4050 | set-screen-option filter misuse by plugins leading to privilege escalation in WordPress | wordpress-develop | 3.5 | Low | 2020-06-12 |
| CVE-2020-6091 | Epson EB-1470Ui authorization issue vulnerability | Epson | 7.5 | - | 2020-05-22 |
| CVE-2020-11005 | Internal NCryptDecrypt method could be used externally from WindowsHello library. | WindowsHello | 5.1 | Medium | 2020-04-14 |
| CVE-2020-1637 | Junos OS: SRX Series: Unified Access Control (UAC) bypass vulnerability | Junos OS | 7.2 | High | 2020-04-08 |
| CVE-2020-1618 | Junos OS: EX and QFX Series: Console port authentication bypass vulnerability | Junos OS | 6.3 | Medium | 2020-04-08 |
| CVE-2019-5165 | Moxa AWK-3131A authorization issue vulnerability | Moxa | 7.2 | - | 2020-02-25 |
| CVE-2019-9510 | Microsoft Windows RDP can bypass the Windows lock screen | Windows 10 or newer system using RDP | 5.3 | Medium | 2020-01-15 |

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.