
CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 439

439 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
Mitigations (1)
Architecture and Design: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select agents, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…

```verilog
module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
output [31:0] data_out;
input [31:0] data_in, incoming_id, address;
input clk, rst_n;
wire write_auth, addr_auth;
reg [31:0] data_out, acl_oh_allowlist, q;
// The requesting agent is authorised if any bit of its one-hot ID is set in the allowlist.
assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
always @*
  acl_oh_allowlist <= 32'h8312;
// Only the primary address 0xF00 is decoded here; the mirror at 0x800F00 is never checked.
assign addr_auth = (address == 32'hF00) ? 1: 0;
always @ (posedge clk or negedge rst_n)
  if (!rst_n)
    begin
      q <= 32'h0;
      data_out <= 32'h0;
    end
  else
    begin
      q <= (addr_auth & write_auth) ? data_in: q;
      data_out <= q;
    end
endmodule
```
Informative · Verilog

```verilog
assign addr_auth = (address == 32'hF00) ? 1: 0;
```
Bad · Verilog
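A hardened form of the module above, added here as an example and not part of the CWE entry reproduced on this page: the address decode also matches the mirror at 0x800F00, so a write through COPY_OF_SECURE_ME is subject to the same allowlist check as a write to SECURE_ME. It assumes 0x800F00 is the only alias of the register; a design with further aliases would need each one covered, or the mirror removed.

```verilog
module foo_bar_hardened(data_out, data_in, incoming_id, address, clk, rst_n);
output [31:0] data_out;
input [31:0] data_in, incoming_id, address;
input clk, rst_n;
wire write_auth, addr_auth;
reg [31:0] data_out, acl_oh_allowlist, q;

// One-hot allowlist of agent IDs permitted to write SECURE_ME (same value as the original).
always @*
  acl_oh_allowlist <= 32'h8312;

// Agent is authorised if any bit of its one-hot ID is set in the allowlist.
assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;

// Hardened decode: the primary address AND the mirror address both require
// write_auth. Assumption: 0x800F00 is the only alias of SECURE_ME.
assign addr_auth = (address == 32'hF00 || address == 32'h800F00) ? 1 : 0;

always @ (posedge clk or negedge rst_n)
  if (!rst_n)
    begin
      q <= 32'h0;
      data_out <= 32'h0;
    end
  else
    begin
      // The write lands only when both the address and the agent are authorised,
      // regardless of which path (primary or mirror) the access arrived on.
      q <= (addr_auth & write_auth) ? data_in : q;
      data_out <= q;
    end
endmodule
```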
CVE ID | Title | Affected Product | CVSS | Severity | Published
CVE-2025-2747 | Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass | Xperience | 9.8 | Critical | 2025-03-24
CVE-2025-2746 | Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass | Xperience | 9.8 | Critical | 2025-03-24
CVE-2024-13442 | Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover | Service Finder Bookings | 9.8 | Critical | 2025-03-19
CVE-2024-13772 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.6.1 - Authentication Bypass | Civi - Job Board & Freelance Marketplace WordPress Theme | 5.6 | Medium | 2025-03-14
CVE-2024-13771 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update | Civi - Job Board & Freelance Marketplace WordPress Theme | 9.8 | Critical | 2025-03-14
CVE-2024-11286 | WP JobHunt <= 7.1 - Authentication Bypass | WP JobHunt | 9.8 | Critical | 2025-03-14
CVE-2025-2080 | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool Security Vulnerability | Visual BACnet Capture Tool | 9.8 | - | 2025-03-13
CVE-2025-29996 | Authentication Bypass Vulnerability in CAP back office application | CAP back office application | 8.1 | - | 2025-03-13
CVE-2024-13446 | Workreap <= 3.2.5 - Unauthenticated Privilege Escalation via Account Takeover | Workreap | 9.8 | Critical | 2025-03-12
CVE-2025-1315 | InWave Jobs <= 3.5.1 - Unauthenticated Privilege Escalation via Password Reset | InWave Jobs | 9.8 | Critical | 2025-03-07
CVE-2024-9658 | School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation | School Management System for Wordpress | 8.8 | High | 2025-03-07
CVE-2025-0749 | Homey <= 2.4.3 - Limited Authentication Bypass due to Missing Empty Value Check | Homey | 8.1 | High | 2025-03-07
CVE-2025-1515 | WP Real Estate Manager <= 2.8 - Authentication Bypass via Account Takeover | WP Real Estate Manager | 9.8 | Critical | 2025-03-05
CVE-2025-24846 | Century Systems FutureNet AS series Security Vulnerability | FutureNet AS-250/S | 7.5 | High | 2025-03-03
CVE-2025-1671 | Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover | Academist Membership | 9.8 | Critical | 2025-03-01
CVE-2025-1564 | SetSail Membership <= 1.0.3 - Authentication Bypass via Account Takeover | SetSail Membership | 9.8 | Critical | 2025-03-01
CVE-2025-1638 | Alloggio Membership <= 1.1 - Authentication Bypass via Social Login Account Takeover | Alloggio Membership | 9.8 | Critical | 2025-03-01
CVE-2025-0159 | IBM FlashSystem authentication bypass | Storage Virtualize | 9.1 | Critical | 2025-02-28
CVE-2025-1739 | Multiple vulnerabilities in Trivision Camera NC227WF | Camera NC227WF | 7.1 | High | 2025-02-27
CVE-2025-1717 | Login Me Now <= 1.7.2 - Authentication Bypass | Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress | 8.1 | High | 2025-02-27
CVE-2025-26966 | WordPress PrivateContent plugin <= 8.11.5 - Unauthenticated Account Takeover vulnerability | PrivateContent | 9.8 | Critical | 2025-02-25
CVE-2025-26700 | Siber Systems RoboForm Password Manager Security Vulnerability | RoboForm Password Manager | 4.6 | - | 2025-02-17
CVE-2025-1283 | Dingtian DT-R0 Series Authentication Bypass Using an Alternate Path or Channel | DT-R002 | 9.8 | Critical | 2025-02-13
CVE-2024-13182 | WP Directorybox Manager <= 2.5 - Authentication Bypass | WP Directorybox Manager | 9.8 | Critical | 2025-02-13
CVE-2025-24472 | Fortinet FortiOS Security Vulnerability | FortiProxy | 8.1 | High | 2025-02-11
CVE-2025-0181 | WP Foodbakery <= 4.8 - Authentication Bypass in foodbakery_parse_request | WP Foodbakery | 9.8 | Critical | 2025-02-11
CVE-2025-0316 | WP Directorybox Manager <= 2.5 - Authentication Bypass | WP Directorybox Manager | 9.8 | Critical | 2025-02-08
CVE-2025-1061 | Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider | Nextend Social Login Pro | 9.8 | Critical | 2025-02-07
CVE-2025-0674 | Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel | Signum DVB-S/S2 IRD | 9.8 | Critical | 2025-02-06
CVE-2025-23217 | Mitmweb API Authentication Bypass Using Proxy Server | mitmproxy | 9.1 | - | 2025-02-06

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.