CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class (439 CVEs)

439 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI-generated Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
Mitigations (1)
Architecture and Design: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…
```verilog
module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
output [31:0] data_out;
input [31:0] data_in, incoming_id, address;
input clk, rst_n;
wire write_auth, addr_auth;
reg [31:0] data_out, acl_oh_allowlist, q;

// write_auth: the one-hot initiator ID must match a bit in the allowlist
assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
always @*
  acl_oh_allowlist <= 32'h8312;

// addr_auth: only SECURE_ME (0xF00) is recognised; the mirror at 0x800F00 is not
assign addr_auth = (address == 32'hF00) ? 1: 0;

always @ (posedge clk or negedge rst_n)
  if (!rst_n)
    begin
      q <= 32'h0;
      data_out <= 32'h0;
    end
  else
    begin
      q <= (addr_auth & write_auth) ? data_in: q;
      data_out <= q;
    end
endmodule
```
Informative · Verilog
```verilog
assign addr_auth = (address == 32'hF00) ? 1: 0;
```
Bad · Verilog
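An added Python model of the register scenario above, showing the mirror address as an unchecked alternate channel and the single-choke-point mitigation. This is not MITRE's Verilog and not part of this page; that 0x800F00 decodes onto the same storage as 0xF00, and the initiator IDs used, are assumptions.

```python
# Constructed model of the CWE-288 register example (not MITRE's Verilog).
# Assumption: the decoder maps both addresses onto one storage element.
SECURE_ME = 0xF00             # protected register address (from the page)
COPY_OF_SECURE_ME = 0x800F00  # mirror of the same storage (from the page)
ACL_OH_ALLOWLIST = 0x8312     # one-hot initiator IDs allowed to write (page)


def write_auth(incoming_id: int, allowlist: int = ACL_OH_ALLOWLIST) -> bool:
    """Same test as `| (incoming_id & acl_oh_allowlist)`: any allowed bit set."""
    return (incoming_id & allowlist) != 0


class RegisterBlock:
    """One 32-bit storage element reachable through two addresses."""

    def __init__(self, protect_mirror: bool) -> None:
        self.q = 0
        self.protect_mirror = protect_mirror

    def _is_checked_path(self, address: int) -> bool:
        # Vulnerable design: only the primary address is treated as protected,
        # so the mirror is an alternate channel with no check (CWE-288).
        # Fixed design: both addresses are funnelled through the same check.
        if self.protect_mirror:
            return address in (SECURE_ME, COPY_OF_SECURE_ME)
        return address == SECURE_ME

    def write(self, address: int, incoming_id: int, data_in: int) -> bool:
        """Return True if the write landed in the shared storage."""
        if address not in (SECURE_ME, COPY_OF_SECURE_ME):
            return False  # unmapped address: nothing happens
        if self._is_checked_path(address) and not write_auth(incoming_id):
            return False  # rejected at the allowlist choke point
        self.q = data_in & 0xFFFFFFFF
        return True


def demo(protect_mirror: bool) -> tuple:
    """An initiator whose ID (bit 0) is not in the allowlist tries both paths."""
    blk = RegisterBlock(protect_mirror)
    via_primary = blk.write(SECURE_ME, 0x1, 0xDEADBEEF)
    via_mirror = blk.write(COPY_OF_SECURE_ME, 0x1, 0xDEADBEEF)
    return via_primary, via_mirror, blk.q
```

With `protect_mirror=False` the primary path is refused but the mirror write succeeds and changes the protected value; with `protect_mirror=True` both paths are refused.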
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-10284 | CE21 Suite <= 2.2.0 - Authentication Bypass | CE21 Suite | 9.8 | Critical | 2024-11-09 |
| CVE-2024-10081 | CodeChecker security vulnerability | CodeChecker | 10.0 | Critical | 2024-11-06 |
| CVE-2024-50503 | WordPress User Toolkit plugin <= 1.2.3 - Account Takeover vulnerability | User Toolkit | 9.8 | Critical | 2024-10-30 |
| CVE-2024-9989 | Crypto <= 2.18 - Authentication Bypass via log_in | Crypto Tool | 9.8 | Critical | 2024-10-29 |
| CVE-2024-9988 | Crypto <= 2.19 - Authentication Bypass via register | Crypto Tool | 9.8 | Critical | 2024-10-29 |
| CVE-2024-50334 | Semicolon Path Injection on API /api;/config | scoold | 7.5 (AI) | High (AI) | 2024-10-29 |
| CVE-2024-50488 | WordPress Token Login plugin <= 1.0.3 - Broken Authentication vulnerability | Token Login | 8.8 | High | 2024-10-28 |
| CVE-2024-50477 | WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Account Takeover vulnerability | Stacks Mobile App Builder | 9.8 | Critical | 2024-10-28 |
| CVE-2024-50486 | WordPress Acnoo Flutter API plugin <= 1.0.5 - Account Takeover vulnerability | Acnoo Flutter API | 9.8 | Critical | 2024-10-28 |
| CVE-2024-50487 | WordPress MaanStore API plugin <= 1.0.1 - Account Takeover vulnerability | MaanStore API | 9.8 | Critical | 2024-10-28 |
| CVE-2024-50489 | WordPress Realty Workstation plugin <= 1.0.45 - Account Takeover vulnerability | Realty Workstation | 9.8 | Critical | 2024-10-28 |
| CVE-2024-10438 | Sunnet eHRD CTMS - Authentication Bypass | eHRD CTMS | 7.5 | High | 2024-10-28 |
| CVE-2024-9501 | Wp Social Login and Register Social Counter <= 3.0.7 - Authentication Bypass via WordPress.com OAuth provider | Wp Social Login and Register Social Counter | 9.8 | Critical | 2024-10-26 |
| CVE-2024-9930 | Extensions by HocWP Team <= 0.2.3.2 - Authentication Bypass | Extensions by HocWP Team | 9.8 | Critical | 2024-10-26 |
| CVE-2024-9890 | User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass | User Toolkit | 8.8 | High | 2024-10-26 |
| CVE-2024-9933 | WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check | WatchTowerHQ | 9.8 | Critical | 2024-10-26 |
| CVE-2024-9931 | Wux Blog Editor <= 3.0.0 - Authentication Bypass to Administrator | Wux Blog Editor | 9.8 | Critical | 2024-10-26 |
| CVE-2024-10381 | Authentication Bypass Vulnerability in Matrix Door Controller | Matrix Door Controller Cosec Vega FAXQ | 9.8 | - | 2024-10-25 |
| CVE-2024-47406 | Sharp MFP security vulnerability | Sharp Digital Full-color MFPs and Monochrome MFPs | 9.1 | Critical | 2024-10-25 |
| CVE-2024-9488 | Comments – wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider | Comments – wpDiscuz | 9.8 | Critical | 2024-10-25 |
| CVE-2024-49675 | WordPress iBryl Switch User plugin <= 1.0.1 - Account Takeover vulnerability | iBryl Switch User | 8.8 | High | 2024-10-23 |
| CVE-2024-10002 | Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator | Rover IDX | 8.8 | High | 2024-10-22 |
| CVE-2024-49328 | WordPress WP REST API FNS Plugin plugin <= 1.0.0 - Account Takeover vulnerability | WP REST API FNS | 9.8 | Critical | 2024-10-20 |
| CVE-2024-49604 | WordPress Simple User Registration plugin <= 6.7 - Broken Authentication vulnerability | Simple User Registration | 9.8 | Critical | 2024-10-20 |
| CVE-2024-9861 | Miniorange OTP Verification with Firebase <= 3.6.0 - Authentication Bypass | Miniorange OTP Verification with Firebase | 8.1 | High | 2024-10-17 |
| CVE-2024-9893 | Nextend Social Login Pro <= 3.1.14 - Authentication Bypass via WordPress.com OAuth provider | Nextend Social Login Pro | 9.8 | Critical | 2024-10-16 |
| CVE-2024-49247 | WordPress BuddyPress Better Registration plugin <= 1.6 - Broken Authentication vulnerability | BuddyPress Better Registration | 9.8 | Critical | 2024-10-16 |
| CVE-2024-9105 | UltimateAI <= 2.8.3 - Authentication Bypass | Ultimate AI | 9.8 | Critical | 2024-10-16 |
| CVE-2024-9822 | Pedalo Connector <= 2.0.5 - Authentication Bypass to Administrator | Pedalo Connector | 9.8 | Critical | 2024-10-11 |
| CVE-2024-9522 | WP Users Masquerade <= 2.0.0 - Authenticated (Subscriber+) Authentication Bypass | WP Users Masquerade | 8.8 | High | 2024-10-10 |

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.