Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-288 (使用候选路径或通道进行的认证绕过) — Vulnerability Class 439

439 vulnerabilities classified as CWE-288 (使用候选路径或通道进行的认证绕过). AI Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences (1)
Access ControlBypass Protection Mechanism
Mitigations (1)
Architecture and DesignFunnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…
module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n); output [31:0] data_out; input [31:0] data_in, incoming_id, address; input clk, rst_n; wire write_auth, addr_auth; reg [31:0] data_out, acl_oh_allowlist, q; assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0; always @* acl_oh_allowlist <= 32'h8312; assign addr_auth = (address == 32'hF00) ? 1: 0; always @ (posedge clk or negedge rst_n) if (!rst_n) begin q <= 32'h0; data_out <= 32'h0; end else begin q <= (addr_auth & write_auth) ? data_in: q; data_out <= q; end end endmodule
Informative · Verilog
assign addr_auth = (address == 32'hF00) ? 1: 0;
Bad · Verilog
CVE IDTitleCVSSSeverityPublished
CVE-2025-62064 WordPress Search & Go theme <= 2.7 - Broken Authentication vulnerability — Search & Go 9.8 Critical2025-11-06
CVE-2025-5397 Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass — Noo JobMonster 9.8 Critical2025-10-31
CVE-2025-12466 Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114 — Simple OAuth (OAuth2) & OpenID Connect 9.8AICriticalAI2025-10-29
CVE-2025-9313 Unauthorized database access in Asseco mMedica — mMedica 9.8AICriticalAI2025-10-28
CVE-2025-11621 Vault AWS auth method bypass due to AWS client cache — Vault 8.1 High2025-10-23
CVE-2025-60041 WordPress Emails Catch All plugin <= 3.5.3 - Broken Authentication vulnerability — Emails Catch All 8.8 High2025-10-22
CVE-2025-49901 WordPress Simple Link Directory plugin < 14.8.1 - Broken Authentication vulnerability — Simple Link Directory 9.8 Critical2025-10-22
CVE-2025-11534 Authentication Bypass Using an Alternate Path or Channel in Raisecomm RAX701-GC Series — RAX701-GC-WP-01 P200R002C52 9.8AICriticalAI2025-10-21
CVE-2025-58133 Zoom Rooms Clients - Authentication Bypass — Zoom Rooms 5.3 Medium2025-10-15
CVE-2025-10294 OwnID Passwordless Login <= 1.3.4 - Authentication Bypass — OwnID Passwordless Login 9.8 Critical2025-10-15
CVE-2025-9967 Orion SMS OTP Verification <= 1.1.7 - Authentication Bypass via Account Takeover — Orion SMS OTP Verification. 9.8 Critical2025-10-15
CVE-2025-8093 Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098 — Authenticator Login 9.8AICriticalAI2025-10-10
CVE-2025-11522 Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover — Search & Go - Directory WordPress Theme 9.8 Critical2025-10-09
CVE-2025-9914 SICK AG Baggage Analytics 安全漏洞 — Baggage Analytics 4.3 Medium2025-10-06
CVE-2025-6388 Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation — Spirit Framework 9.8 Critical2025-10-03
CVE-2025-10653 Raise3D Pro2 Series 3D Printers Authentication Bypass Using an Alternate Path or Channel — Pro2 Series 8.6 High2025-10-02
CVE-2025-22862 Fortinet FortiOS 安全漏洞 — FortiProxy 6.3 Medium2025-10-02
CVE-2025-61733 Apache Kylin: Authentication bypass — Apache Kylin 9.8AICriticalAI2025-10-02
CVE-2025-10538 Authentication Bypass in LG Innotek Camera — Camera Model LND7210 7.5AIHighAI2025-10-01
CVE-2025-7038 LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function — LatePoint – Calendar Booking Plugin for Appointments and Events 8.2 High2025-09-30
CVE-2025-5955 Service Finder SMS System <= 2.0.0 - Authentication Bypass — Service Finder SMS System 8.1 High2025-09-19
CVE-2025-8359 AdForest <= 6.0.9 - Authentication Bypass to Admin — AdForest 9.8 Critical2025-09-06
CVE-2025-54738 WordPress Jobmonster Theme <= 4.7.9 - Broken Authentication Vulnerability — Jobmonster 9.8 Critical2025-08-28
CVE-2025-54725 WordPress Golo Theme <= 1.7.0 - Broken Authentication Vulnerability — Golo 9.8 Critical2025-08-28
CVE-2025-34520 Arcserve UDP < 10.2 Authentication Bypass — Unified Data Protection (UDP) 9.8AICriticalAI2025-08-27
CVE-2025-5821 Case Theme User <= 1.0.3 - Authentication Bypass via Social Login — Case Theme User 9.8 Critical2025-08-23
CVE-2025-5060 Bravis User <= 1.0.1 - Authentication Bypass to Account Takeover — Bravis User 8.1 High2025-08-23
CVE-2025-7642 Simpler Checkout 0.7.0 - 1.1.9 - Authentication Bypass — Simpler Checkout 9.8 Critical2025-08-23
CVE-2025-24496 Tenda AC6 安全漏洞 — AC6 V5.0 7.5 High2025-08-20
CVE-2025-27129 Tenda AC6 安全漏洞 — AC6 V5.0 9.8 Critical2025-08-20

Vulnerabilities classified as CWE-288 (使用候选路径或通道进行的认证绕过) represent 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.