
CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 439

439 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
Mitigations (1)
Architecture and Design: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
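The mitigation above is easiest to see against the bug it prevents. The following is an added example, not code from the CWE entry or from any product in the list: a minimal request dispatcher in which a legacy alias route (the alternate path) reaches the admin handler without the credential check, followed by the same routes funnelled through a single deny-by-default choke point, plus a small review aid that enumerates which routes answer 200 to an unauthenticated request. Route names, the session store and the token are constructed for illustration.

```python
"""Added example (not from the CWE page or MITRE): CWE-288 in a route table,
and the single-choke-point mitigation. Routes, users and tokens are constructed."""
from dataclasses import dataclass, field

# Constructed session store: token -> user name (stands in for a real session backend)
SESSIONS = {"tok-alice": "alice"}


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str


def current_user(req):
    """Resolve the caller from the Authorization header; None if anonymous."""
    return SESSIONS.get(req.headers.get("Authorization", ""))


# ---- Vulnerable: each handler checks on its own, and the legacy alias forgot ----
def admin_panel_checked(req):
    if current_user(req) is None:
        return Response(401, "login required")
    return Response(200, "admin panel")


def admin_panel_legacy(req):
    # Alias kept for an old client; the credential check was never carried over.
    return Response(200, "admin panel")


VULNERABLE_ROUTES = {
    "/admin": admin_panel_checked,
    "/api/v1/admin": admin_panel_legacy,  # alternate path with no authentication
}


def dispatch_vulnerable(req):
    handler = VULNERABLE_ROUTES.get(req.path)
    if handler is None:
        return Response(404, "not found")
    return handler(req)


# ---- Hardened: one choke point decides; handlers never re-implement auth ----
PUBLIC_ROUTES = {"/login", "/health"}  # explicit allowlist of anonymous paths


def admin_panel(req, user):
    return Response(200, f"admin panel for {user}")


def login(req, user):
    return Response(200, "login page")


HARDENED_ROUTES = {
    "/admin": admin_panel,
    "/api/v1/admin": admin_panel,  # same handler, same check, via the choke point
    "/login": login,
}


def dispatch_hardened(req):
    handler = HARDENED_ROUTES.get(req.path)
    if handler is None:
        return Response(404, "not found")
    user = current_user(req)
    # Deny by default: anything not explicitly public must authenticate here,
    # so adding a new path cannot silently create an alternate channel.
    if req.path not in PUBLIC_ROUTES and user is None:
        return Response(401, "login required")
    return handler(req, user)


# ---- Review aid: which registered routes answer 200 without credentials? ----
def unauthenticated_reachable(dispatch, routes):
    """Return the sorted list of routes a request with no Authorization header reaches."""
    return sorted(p for p in routes if dispatch(Request(p)).status == 200)


if __name__ == "__main__":
    print("vulnerable:", unauthenticated_reachable(dispatch_vulnerable, VULNERABLE_ROUTES))
    print("hardened:  ", unauthenticated_reachable(dispatch_hardened, HARDENED_ROUTES))
```

Running the review aid over the vulnerable table reports `/api/v1/admin`; over the hardened table it reports only `/login`, which is the intended public surface. The same enumeration can be run in CI against a real router's route list so that any route that escapes the choke point fails the build.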
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…
Informative · Verilog (the full module as given in the CWE example; the stray extra `end` in the flattened copy has been dropped so the module parses):

  module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
    output [31:0] data_out;
    input [31:0] data_in, incoming_id, address;
    input clk, rst_n;
    wire write_auth, addr_auth;
    reg [31:0] data_out, acl_oh_allowlist, q;

    // Write is authorised when the requester's one-hot id is in the allowlist
    assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
    always @* acl_oh_allowlist <= 32'h8312;

    // Address check: only the primary address of SECURE_ME is recognised
    assign addr_auth = (address == 32'hF00) ? 1: 0;

    always @ (posedge clk or negedge rst_n)
      if (!rst_n) begin
        q <= 32'h0;
        data_out <= 32'h0;
      end else begin
        q <= (addr_auth & write_auth) ? data_in: q;
        data_out <= q;
      end
  endmodule

Bad · Verilog (the line that creates the alternate channel: only address 0xF00 is gated, so a write arriving at the mirror COPY_OF_SECURE_ME at 0x800F00 is never subjected to the allowlist check):

  assign addr_auth = (address == 32'hF00) ? 1: 0;
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-0364 | BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE | BigAnt Server | 9.8 | Critical | 2025-02-04 |
| CVE-2024-12857 | AdForest <= 5.1.8 - Authentication Bypass | AdForest | 9.8 | Critical | 2025-01-22 |
| CVE-2025-24456 | JetBrains Hub security vulnerability | Hub | 6.7 | Medium | 2025-01-21 |
| CVE-2024-55591 | Fortinet FortiOS and FortiProxy security vulnerability | FortiOS | 9.6 | Critical | 2025-01-14 |
| CVE-2024-12402 | Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation | TC Ecommerce – Create Android & iOS Apps for WooCommerce | 9.8 | Critical | 2025-01-07 |
| CVE-2024-56044 | WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary User Token Generation vulnerability | WPLMS | 9.8 | Critical | 2024-12-31 |
| CVE-2024-51464 | IBM i authentication bypass | i | 4.3 | Medium | 2024-12-21 |
| CVE-2024-11349 | AdForest <= 5.1.6 - Authentication Bypass | AdForest | 9.8 | Critical | 2024-12-21 |
| CVE-2024-43234 | WordPress Woffice theme <= 5.4.14 - Unauthenticated Account Takeover vulnerability | Woffice | 9.8 | Critical | 2024-12-16 |
| CVE-2024-56013 | WordPress Wovax IDX plugin <= 1.2.2 - Account Takeover vulnerability | Wovax IDX | 8.8 | High | 2024-12-16 |
| CVE-2024-54336 | WordPress Projectopia plugin <= 5.1.7 - Account Takeover vulnerability | Projectopia | 8.8 | High | 2024-12-13 |
| CVE-2024-54297 | WordPress vBSSO-lite plugin <= 1.4.3 - Account Takeover vulnerability | vBSSO-lite | 9.8 | Critical | 2024-12-13 |
| CVE-2024-54296 | WordPress CoSchool LMS plugin <= 1.4.3 - Account Takeover vulnerability | CoSchool LMS | 9.8 | Critical | 2024-12-13 |
| CVE-2024-54294 | WordPress Firebase OTP Authentication plugin <= 1.0.1 - Account Takeover vulnerability | Firebase OTP Authentication | 9.8 | Critical | 2024-12-13 |
| CVE-2024-54295 | WordPress ListApp Mobile Manager plugin <= 1.7.7 - Account Takeover vulnerability | ListApp Mobile Manager | 9.8 | Critical | 2024-12-13 |
| CVE-2024-11639 | Ivanti CSA security vulnerability | Cloud Services Application | 10.0 | Critical | 2024-12-10 |
| CVE-2024-52586 | eLabFTW MFA bypass | elabftw | 5.4 | Medium | 2024-12-09 |
| CVE-2024-11178 | Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP | Login with OTP | 8.1 | High | 2024-12-06 |
| CVE-2024-25036 | IBM Cognos Controller authentication bypass | Cognos Controller | 4.3 | Medium | 2024-12-03 |
| CVE-2024-10490 | Authentication bypass flaw in several mapp components | B&R mapp Cockpit | 9.8 | - | 2024-12-02 |
| CVE-2024-11981 | Billion Electric router - Authentication Bypass | M100 | 7.5 | High | 2024-11-29 |
| CVE-2024-52475 | WordPress Wawp plugin < 3.0.18 - Account Takeover vulnerability | Wawp | 9.8 | Critical | 2024-11-28 |
| CVE-2024-11925 | WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation | JobSearch WP Job Board | 9.8 | Critical | 2024-11-28 |
| CVE-2024-33610 | Sharp MFP security vulnerability | Multiple MFPs (multifunction printers) | 9.1 | Critical | 2024-11-26 |
| CVE-2024-10961 | Social Login <= 5.9.0 - Authentication Bypass via Disqus OAuth provider | Social Login | 9.8 | Critical | 2024-11-23 |
| CVE-2024-10311 | External Database Based Actions <= 0.1 - Authenticated (Subscriber+) Authentication Bypass | External Database Based Actions | 7.5 | High | 2024-11-15 |
| CVE-2024-10924 | Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass | Really Simple Security Pro multisite | 9.8 | Critical | 2024-11-15 |
| CVE-2024-47574 | Fortinet FortiClient security vulnerability | FortiClientWindows | 7.4 | High | 2024-11-13 |
| CVE-2024-11028 | MultiManager WP – Manage All Your WordPress Sites Easily <= 1.0.5 - Authentication Bypass via User Impersonation | MultiManager WP – Manage All Your WordPress Sites Easily | 9.8 | Critical | 2024-11-13 |
| CVE-2024-10245 | Relais 2FA <= 1.0 - Authentication Bypass | Relais 2FA | 9.8 | Critical | 2024-11-12 |

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.