CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 439

439 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
Mitigations (1)
Architecture and Design: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…
    module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
      output [31:0] data_out;
      input  [31:0] data_in, incoming_id, address;
      input         clk, rst_n;
      wire          write_auth, addr_auth;
      reg    [31:0] data_out, acl_oh_allowlist, q;

      // Write is allowed only if incoming_id matches a bit in the one-hot allowlist
      assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
      always @* acl_oh_allowlist <= 32'h8312;
      // Address check matches a single address only
      assign addr_auth = (address == 32'hF00) ? 1: 0;

      always @ (posedge clk or negedge rst_n)
        if (!rst_n) begin
          q <= 32'h0;
          data_out <= 32'h0;
        end else begin
          q <= (addr_auth & write_auth) ? data_in: q;
          data_out <= q;
        end
    endmodule
Informative · Verilog
assign addr_auth = (address == 32'hF00) ? 1: 0;
Bad · Verilog
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-5486 | GitLab authorization issue vulnerability — GitLab CE/EE | 9.8 | - | 2019-12-18 |
| CVE-2019-18250 | ABB Power Generation Information Manager and Plant Connect authorization issue vulnerability — ABB Power Generation Information Manager (PGIM) and Plant Connect All Versions | 8.1 | - | 2019-11-25 |
| CVE-2019-3758 | Dell EMC RSA Archer authorization issue vulnerability — RSA Archer | 9.8 | - | 2019-09-18 |
| CVE-2019-5473 | GitLab authorization issue vulnerability — gitlab.com | 7.2 | - | 2019-09-09 |
| CVE-2019-13526 | Datalogic AV7000 Linear Barcode Scanner authorization issue vulnerability — Datalogic AV7000 Linear barcode scanner | 9.8 | - | 2019-08-29 |
| CVE-2019-5451 | Nextcloud Android app access control error vulnerability — com.nextcloud.client | 4.6 | - | 2019-07-30 |
| CVE-2019-5453 | Nextcloud Android app authorization issue vulnerability — com.nextcloud.client | 6.1 | - | 2019-07-30 |
| CVE-2019-5455 | Nextcloud Android app authorization issue vulnerability — com.nextcloud.client | 6.8 | - | 2019-07-30 |
| CVE-2019-6551 | Pangea Communications Internet FAX ATA authorization issue vulnerability — Pangea Communications Internet FAX ATA | 7.5 | - | 2019-02-28 |
| CVE-2018-19000 | LCDS LAquis SCADA authorization issue vulnerability — LCDS Laquis SCADA | 7.5 | - | 2019-02-05 |
| CVE-2018-17918 | CIRCONTROL CirCarLife authorization issue vulnerability — Circontrol CirCarLife all versions prior to 4.3.1 | 9.8 | - | 2018-11-02 |
| CVE-2018-8859 | Echelon SmartServer 1, SmartServer 2 and i.LON 100 security vulnerability — SmartServer 1 | 9.8 | - | 2018-07-24 |
| CVE-2018-5386 | Some Navarino Infinity functions placed in the URL can bypass any authentication mechanism leading to an information leak — Infinity | 7.5 | - | 2018-07-24 |
| CVE-2016-9497 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel — HN7740S | 8.8 | - | 2018-07-13 |
| CVE-2018-4852 | Siemens SICLOCK TC100 and SICLOCK TC400 security vulnerability — SICLOCK TC100, SICLOCK TC400 | 9.8 | - | 2018-07-03 |
| CVE-2018-10841 | GlusterFS permissions, privileges and access control issue vulnerability — glusterfs | 8.8 | - | 2018-06-20 |
| CVE-2017-9944 | Siemens 7KT PAC1200 Data Manager security vulnerability — Siemens 7KT PAC1200 data manager (7KT1260) All versions < V2.03 | 9.8 | - | 2017-12-26 |
| CVE-2017-6871 | Siemens SIMATIC WinCC Sm@rtClient for Android and Android Lite security vulnerability — SIMATIC WinCC Sm@rtClient for Android, SIMATIC WinCC Sm@rtClient Lite for Android | 6.8 | - | 2017-08-08 |
| CVE-2017-5174 | Geutebruck IP Camera G-Cam/EFD-2250 security vulnerability — Geutebruck IP Cameras | 9.8 | - | 2017-05-19 |

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.