
CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 439

439 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI-generated Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Common Consequences (1)
Scope: Access Control. Impact: Bypass Protection Mechanism.

Mitigations (1)
Phase: Architecture and Design. Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…

Informative · Verilog

    module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
      output [31:0] data_out;
      input  [31:0] data_in, incoming_id, address;
      input         clk, rst_n;
      wire          write_auth, addr_auth;
      reg    [31:0] data_out, acl_oh_allowlist, q;

      // The requesting agent is authorized when its one-hot ID hits any bit of the allowlist.
      assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
      always @*
        acl_oh_allowlist <= 32'h8312;

      // Address check matches only SECURE_ME at 0xF00; the mirror at 0x800F00 is not covered.
      assign addr_auth = (address == 32'hF00) ? 1 : 0;

      always @(posedge clk or negedge rst_n) begin
        if (!rst_n) begin
          q        <= 32'h0;
          data_out <= 32'h0;
        end else begin
          // A write lands only when both the address and the agent pass their checks.
          q        <= (addr_auth & write_auth) ? data_in : q;
          data_out <= q;
        end
      end
    endmodule

Bad · Verilog

    assign addr_auth = (address == 32'hF00) ? 1 : 0;
CVE ID | Title | Product | CVSS | Severity | Published
(Values marked "(AI)" are flagged as AI-derived on the listing; "-" means no severity was listed.)
CVE-2025-54713 | WordPress Taxi Booking Manager for WooCommerce plugin <= 1.3.0 - Broken Authentication vulnerability | Taxi Booking Manager for WooCommerce | 9.8 | Critical | 2025-08-20
CVE-2025-3639 | Liferay Portal and Liferay DXP security vulnerability | Portal | 9.8 (AI) | Critical (AI) | 2025-08-18
CVE-2025-8995 | Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096 | Authenticator Login | 9.8 (AI) | Critical (AI) | 2025-08-15
CVE-2024-26009 | Multiple Fortinet products security vulnerability | FortiProxy | 7.9 | High | 2025-08-12
CVE-2025-40761 | Multiple Siemens products security vulnerability | RUGGEDCOM ROX MX5000 | 7.6 | High | 2025-08-12
CVE-2025-40743 | Multiple Siemens products security vulnerability | SINUMERIK 828D PPU.4 | 8.3 | High | 2025-08-12
CVE-2025-55012 | Zed AI Agent Remote Code Execution | zed | 8.4 (AI) | High (AI) | 2025-08-11
CVE-2025-53187 | Unauthenticated RCE | ASPECT | 9.8 | Critical | 2025-08-11
CVE-2025-24000 | WordPress Post SMTP plugin <= 3.2.0 - Account Takeover Vulnerability | Post SMTP | 8.8 | High | 2025-08-07
CVE-2025-44957 | RUCKUS SmartZone security vulnerability | SmartZone | 8.5 | High | 2025-08-04
CVE-2025-7710 | Brave Conversion Engine (PRO) <= 0.7.7 - Authentication Bypass to Administrator | Brave Conversion Engine (PRO) | 9.8 | Critical | 2025-08-02
CVE-2025-6895 | MelaPress Login Security 2.1.0 - 2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function | Melapress Login Security | 9.8 | Critical | 2025-07-26
CVE-2025-7742 | Authentication Bypass in LG Innotek Camera | Camera Model LNV5110R | 9.8 | - | 2025-07-24
CVE-2025-34143 | ETQ Reliance CG Authentication Bypass via Trailing Space RCE | Reliance CG (legacy) | 9.8 | - | 2025-07-22
CVE-2025-7692 | Orion Login with SMS <= 1.0.5 - Authentication Bypass via Weak OTP | Orion Login with SMS | 8.1 | High | 2025-07-22
CVE-2025-7444 | LoginPress Pro <= 5.0.1 - Authentication Bypass via WordPress.com OAuth provider | LoginPress Pro | 9.8 | Critical | 2025-07-18
CVE-2025-1313 | Nokri - Job Board WordPress Theme <= 1.6.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | Nokri – Job Board WordPress Theme | 8.8 | High | 2025-07-12
CVE-2025-30026 | AXIS Camera Station security vulnerability | AXIS Camera Station Pro | 9.8 (AI) | Critical (AI) | 2025-07-11
CVE-2025-53099 | Sentry Missing Invalidation of Authorization Codes During OAuth Exchange and Revocation | sentry | 7.4 (AI) | High (AI) | 2025-07-01
CVE-2025-25171 | WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability | WP SmartPay | 8.8 | High | 2025-06-27
CVE-2025-6688 | Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin | Simple Payment | 9.8 | Critical | 2025-06-27
CVE-2025-6675 | Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082 | Enterprise MFA - TFA for Drupal | 9.8 (AI) | Critical (AI) | 2025-06-26
CVE-2025-5820 | Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability | XAV-AX8500 | 8.8 (AI) | High (AI) | 2025-06-21
CVE-2025-51381 | KAON KCM3100 security vulnerability | KCM3100 | 8.8 (AI) | High (AI) | 2025-06-18
CVE-2025-49125 | Apache Tomcat: Security constraint bypass for pre/post-resources | Apache Tomcat | 9.1 | - | 2025-06-16
CVE-2025-4973 | Workreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account' | Workreap | 9.8 | Critical | 2025-06-12
CVE-2025-30184 | CyberData 011209 SIP Emergency Intercom Authentication Bypass Using an Alternate Path or Channel | 011209 SIP Emergency Intercom | 9.8 | Critical | 2025-06-09
CVE-2025-31022 | WordPress PayU India plugin < 3.8.8 - Account Takeover vulnerability | PayU India | 9.8 | Critical | 2025-06-09
CVE-2025-31019 | WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability | Password Policy Manager | 8.8 | High | 2025-06-09
CVE-2025-48904 | Huawei HarmonyOS security vulnerability | HarmonyOS | 4.4 | Medium | 2025-06-06

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.