
CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 439

439 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

CWE-288 is an authentication weakness in which a system enforces its credential check on the primary interface but not on some other path or channel that reaches the same data or functionality. The alternate path can be an administrative or debug endpoint, a legacy protocol handler, a second spelling of a URL that the authentication filter does not recognise but the router does, or, in hardware, a mirrored register at a second address (as in the MITRE example below). An attacker who finds such a path reaches protected functionality without valid credentials, so the gate on the main path buys nothing. The mitigation is structural rather than local: route every access through one choke point that authenticates and authorises before dispatch, deny by default and keep an explicit allowlist of the few endpoints that may be reached unauthenticated, review code and configuration for routes, handlers or address decodes that sit outside that choke point, and include non-standard entry points (alternate hostnames, ports, protocols, encodings and path spellings) in penetration tests.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
Mitigations (1)
Architecture and Design: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
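The following is an added example and is not code from MITRE or from any product listed on this page. It is a constructed toy request dispatcher in Python that shows both halves of the weakness described above: VulnerableApp checks authentication only for request paths that begin with /admin, and checks the raw path while routing uses a normalised one, so every alternate spelling of an admin URL and a forgotten /debug/dump route reach their handlers unauthenticated. HardenedApp applies the single-choke-point mitigation: canonicalise the path first, require authentication for everything not on an explicit allowlist, then check the role the route requires. All names here (VulnerableApp, HardenedApp, canonical_path, the routes and handlers) are hypothetical.

```python
"""Constructed CWE-288 example: per-prefix auth on a raw path versus one
choke point on the canonical path.  Toy code, not from any real product."""
import posixpath
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional, Tuple


@dataclass
class Request:
    path: str
    user: Optional[str] = None           # None means unauthenticated
    roles: FrozenSet[str] = frozenset()  # roles granted to the user


Handler = Callable[[Request], str]


def canonical_path(path: str) -> str:
    """Collapse repeated '/', resolve '.' and '..', and fold case, so every
    spelling of a resource becomes one string before any decision is made.
    Leading slashes are stripped first because posixpath.normpath keeps a
    POSIX '//' prefix, which would defeat the collapse."""
    return posixpath.normpath("/" + path.lstrip("/")).lower()


# Hypothetical handlers; the strings stand in for HTTP responses.
def admin_users(req: Request) -> str:
    return "200 user list"


def debug_dump(req: Request) -> str:
    return "200 config dump"


def health(req: Request) -> str:
    return "200 ok"


class VulnerableApp:
    """Authentication is enforced only for raw paths starting with '/admin'.
    Routing then normalises the path, so '//admin/users', '/Admin/users' or
    '/x/../admin/users' skip the check but still reach admin_users.  The
    legacy '/debug/dump' route sits outside the prefix and is never gated."""

    def __init__(self) -> None:
        self.routes: Dict[str, Handler] = {
            "/admin/users": admin_users,
            "/debug/dump": debug_dump,   # alternate channel nobody protected
            "/health": health,
        }

    def handle(self, req: Request) -> str:
        if req.path.startswith("/admin") and req.user is None:
            return "401 unauthorized"
        handler = self.routes.get(canonical_path(req.path))
        return handler(req) if handler else "404 not found"


class HardenedApp:
    """Single choke point: canonicalise, deny by default unless the path is
    on the public allowlist, then check the role the route declares.  New
    routes are protected automatically because nothing bypasses handle()."""

    PUBLIC: FrozenSet[str] = frozenset({"/health"})

    def __init__(self) -> None:
        # canonical route -> (handler, required role or None)
        self.routes: Dict[str, Tuple[Handler, Optional[str]]] = {
            "/admin/users": (admin_users, "admin"),
            "/debug/dump": (debug_dump, "admin"),
            "/health": (health, None),
        }

    def handle(self, req: Request) -> str:
        path = canonical_path(req.path)
        # Authentication first, before revealing whether the route exists.
        if path not in self.PUBLIC and req.user is None:
            return "401 unauthorized"
        entry = self.routes.get(path)
        if entry is None:
            return "404 not found"
        handler, role = entry
        if role is not None and role not in req.roles:
            return "403 forbidden"
        return handler(req)


# Alternate spellings of the protected resource, plus the forgotten route.
PROBES = ("//admin/users", "/Admin/users", "/public/../admin/users",
          "/./admin/users", "/debug/dump")


def compare(paths=PROBES) -> Dict[str, Tuple[str, str]]:
    """Return {path: (vulnerable response, hardened response)} for
    unauthenticated requests."""
    vuln, hard = VulnerableApp(), HardenedApp()
    return {p: (vuln.handle(Request(p)), hard.handle(Request(p))) for p in paths}


if __name__ == "__main__":
    for path, (v, h) in compare().items():
        print(f"{path:28} vulnerable={v!r:20} hardened={h!r}")
```

The point of the comparison is that the hardened version contains no special case for any of the bypass spellings: canonicalising before the single check removes the gap between what the filter sees and what the router dispatches, and deny-by-default means the legacy route is covered without anyone remembering it. Exemption rules written as pattern matches on the raw path (the Apache Pinot entry in the table below is described by its title as one such rule) are the web-application form of the mirrored register in the MITRE example.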
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…

Informative · Verilog

    module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
      output [31:0] data_out;
      input  [31:0] data_in, incoming_id, address;
      input  clk, rst_n;
      wire write_auth, addr_auth;
      reg [31:0] data_out, acl_oh_allowlist, q;

      // The requester is authorised if any bit of its one-hot id is set in
      // the allowlist.
      assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
      always @* acl_oh_allowlist <= 32'h8312;

      // Address decode: only the primary address 0xF00 is recognised. The
      // mirror at 0x800F00 is never decoded here, so the allowlist check
      // is not applied to accesses that arrive through the mirror.
      assign addr_auth = (address == 32'hF00) ? 1 : 0;

      always @ (posedge clk or negedge rst_n)
        if (!rst_n) begin
          q        <= 32'h0;
          data_out <= 32'h0;
        end else begin
          q        <= (addr_auth & write_auth) ? data_in : q;
          data_out <= q;
        end
    endmodule

Bad · Verilog

    assign addr_auth = (address == 32'hF00) ? 1: 0;

The decode above is the alternate channel: the access-control logic is tied to one address, while the register is reachable at two. The correction is to make the decode recognise the mirror address 0x800F00 as well, so that the same allowlist check gates every path to the register.
CVE ID | Title | Product | CVSS | Severity | Published
(Entries marked "(AI)" carry the site's AI badge on the score; "-" means the field is not given.)
CVE-2025-4797 | Golo <= 1.7.0 - Authentication Bypass to Account Takeover | Golo - City Travel Guide WordPress Theme | 9.8 | Critical | 2025-06-03
CVE-2025-5190 | Browse As <= 0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie | Browse As | 8.8 | High | 2025-05-30
CVE-2025-48926 | TeleMessage security vulnerability | service | 4.3 | Medium | 2025-05-28
CVE-2025-47461 | WordPress Subaccounts for WooCommerce plugin <= 1.6.6 - Account Takeover vulnerability | Subaccounts for WooCommerce | 8.8 | High | 2025-05-23
CVE-2025-34026 | Versa Concerto Actuator Authentication Bypass Information Leak | Concerto | 9.8 (AI) | Critical (AI) | 2025-05-21
CVE-2025-46412 | Vertiv Liebert RDU101 and UNITY Authentication Bypass Using an Alternate Path or Channel | Liebert RDU101 | 9.8 | Critical | 2025-05-21
CVE-2025-48011 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-062 | One Time Password | 9.8 (AI) | Critical (AI) | 2025-05-21
CVE-2025-48010 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-061 | One Time Password | 9.8 (AI) | Critical (AI) | 2025-05-21
CVE-2025-47941 | TYPO3 Has Broken Authentication in Backend MFA | typo3 | 7.2 | High | 2025-05-20
CVE-2024-33939 | WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability | Masteriyo - LMS | 5.3 | Medium | 2025-05-19
CVE-2025-47710 | Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056 | Enterprise MFA - TFA for Drupal | 9.8 (AI) | Critical (AI) | 2025-05-14
CVE-2025-47707 | Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053 | Enterprise MFA - TFA for Drupal | 9.8 (AI) | Critical (AI) | 2025-05-14
CVE-2025-4427 | Authentication Bypass | Endpoint Manager Mobile | 5.3 | Medium | 2025-05-13
CVE-2025-22462 | Ivanti Neurons for ITSM security vulnerability | Neurons for ITSM (on-prem) | 9.8 | Critical | 2025-05-13
CVE-2025-40581 | Siemens SCALANCE LPE9403 security vulnerability | SCALANCE LPE9403 | 7.1 | High | 2025-05-13
CVE-2025-0549 | Authentication Bypass Using an Alternate Path or Channel in GitLab | GitLab | 6.8 | Medium | 2025-05-09
CVE-2025-3844 | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover | PeproDev Ultimate Profile Solutions | 9.8 | Critical | 2025-05-07
CVE-2024-12225 | Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass | - | 9.1 | Critical | 2025-05-06
CVE-2025-1909 | BuddyBoss Platform Pro <= 2.7.01 - Authentication Bypass via Apple OAuth provider | BuddyBoss Platform Pro | 9.8 | Critical | 2025-05-05
CVE-2025-47244 | Inedo ProGet security vulnerability | ProGet | 7.3 | High | 2025-05-03
CVE-2025-2492 | ASUS AiCloud security vulnerability | Router | 9.8 | - | 2025-04-18
CVE-2024-42178 | HCL MyXalytics is affected by a failure to restrict URL access vulnerability | HCL MyXalytics | 2.5 | Low | 2025-04-17
CVE-2025-39535 | WordPress Vitepos plugin <= 3.1.7 - Broken Authentication Vulnerability | Vitepos | 7.2 | High | 2025-04-17
CVE-2025-32357 | Zammad security vulnerability | Zammad | 4.3 | Medium | 2025-04-05
CVE-2024-13553 | SMS Alert Order Notifications – WooCommerce <= 3.7.9 - Unauthenticated Account Takeover/Privilege Escalation | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | 9.8 | Critical | 2025-04-01
CVE-2024-56325 | Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required | Apache Pinot | 9.8 (AI) | Critical (AI) | 2025-04-01
CVE-2025-22277 | WordPress Vitepos plugin <= 3.1.4 - Broken Authentication vulnerability | Vitepos | 8.8 | High | 2025-04-01
CVE-2025-31095 | WordPress Material Dashboard plugin <= 1.4.5 - Privilege Escalation Vulnerability | Material Dashboard | 9.8 | Critical | 2025-04-01
CVE-2025-31694 | Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2025-023 | Two-factor Authentication (TFA) | 9.4 | - | 2025-03-31
CVE-2025-22230 | Authentication bypass vulnerability | VMware Tools | 7.8 | High | 2025-03-25

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) account for 439 CVEs. The CWE taxonomy describes the weakness class only; review each CVE for its product-specific impact.