CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
GHSA-VFMJ-48R5-54J4
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation.
This issue affects MStore API: from n/a through 4.18.4.
{
"affected": [],
"aliases": [
"CVE-2026-54817"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T14:17:59Z",
"severity": "MODERATE"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation.\n\nThis issue affects MStore API: from n/a through 4.18.4.",
"id": "GHSA-vfmj-48r5-54j4",
"modified": "2026-06-17T18:35:55Z",
"published": "2026-06-17T18:35:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54817"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/mstore-api/vulnerability/wordpress-mstore-api-plugin-4-18-4-broken-authentication-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VFX3-XJMH-F34C
Vulnerability from github – Published: 2025-05-19 18:30 – Updated: 2026-04-01 18:35Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3.
{
"affected": [],
"aliases": [
"CVE-2024-33939"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-19T16:15:25Z",
"severity": "MODERATE"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS.\u00a0Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3.",
"id": "GHSA-vfx3-xjmh-f34c",
"modified": "2026-04-01T18:35:10Z",
"published": "2025-05-19T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33939"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/learning-management-system/vulnerability/wordpress-lms-by-masteriyo-plugin-1-7-3-broken-authentication-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VHRF-H3R9-63X8
Vulnerability from github – Published: 2026-01-09 18:31 – Updated: 2026-01-09 18:31In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profile of other user.
{
"affected": [],
"aliases": [
"CVE-2025-67282"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-09T16:16:07Z",
"severity": "MODERATE"
},
"details": "In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profile of other user.",
"id": "GHSA-vhrf-h3r9-63x8",
"modified": "2026-01-09T18:31:36Z",
"published": "2026-01-09T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67282"
},
{
"type": "WEB",
"url": "https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes"
},
{
"type": "WEB",
"url": "https://www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VJJG-C428-G9R3
Vulnerability from github – Published: 2026-01-27 21:31 – Updated: 2026-01-27 21:31An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device.
This issue affects Session Smart Router:
- from 5.6.7 before 5.6.17,
-
from 6.0 before 6.0.8 (affected from 6.0.8),
-
from 6.1 before 6.1.12-lts,
- from 6.2 before 6.2.8-lts,
- from 6.3 before 6.3.3-r2;
This issue affects Session Smart Conductor:
- from 5.6.7 before 5.6.17,
-
from 6.0 before 6.0.8 (affected from 6.0.8),
-
from 6.1 before 6.1.12-lts,
- from 6.2 before 6.2.8-lts,
- from 6.3 before 6.3.3-r2;
This issue affects WAN Assurance Managed Routers:
- from 5.6.7 before 5.6.17,
-
from 6.0 before 6.0.8 (affected from 6.0.8),
-
from 6.1 before 6.1.12-lts,
- from 6.2 before 6.2.8-lts,
- from 6.3 before 6.3.3-r2.
{
"affected": [],
"aliases": [
"CVE-2025-21589"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-27T21:15:56Z",
"severity": "CRITICAL"
},
"details": "An Authentication Bypass Using an\nAlternate Path or Channel vulnerability in Juniper Networks Session Smart\nRouter may allows a network-based attacker to bypass authentication\nand take administrative control of the device.\n\nThis issue affects Session Smart Router:\u00a0\n\n\n\n * from 5.6.7 before 5.6.17,\u00a0\n * from 6.0 before 6.0.8 (affected from 6.0.8),\n\n * from 6.1 before 6.1.12-lts,\u00a0\n * from 6.2 before 6.2.8-lts,\u00a0\n * from 6.3 before 6.3.3-r2;\u00a0\n\n\n\n\nThis issue affects Session Smart Conductor:\u00a0\n\n\n\n * from 5.6.7 before 5.6.17,\u00a0\n * from 6.0 before 6.0.8 (affected from 6.0.8),\n\n * from 6.1 before 6.1.12-lts,\u00a0\n * from 6.2 before 6.2.8-lts,\u00a0\n * from 6.3 before 6.3.3-r2;\u00a0\n\n\n\n\nThis issue affects WAN Assurance Managed Routers:\u00a0\n\n\n\n * from 5.6.7 before 5.6.17,\u00a0\n * from 6.0 before 6.0.8 (affected from 6.0.8),\n\n * from 6.1 before 6.1.12-lts,\u00a0\n * from 6.2 before 6.2.8-lts,\u00a0\n * from 6.3 before 6.3.3-r2.",
"id": "GHSA-vjjg-c428-g9r3",
"modified": "2026-01-27T21:31:50Z",
"published": "2026-01-27T21:31:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21589"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA94663"
},
{
"type": "WEB",
"url": "https://support.juniper.net/support/eol/software/ssr"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VPP6-9FCM-RV58
Vulnerability from github – Published: 2024-03-29 18:30 – Updated: 2024-08-27 21:31An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token.
{
"affected": [],
"aliases": [
"CVE-2023-49231"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-294"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-29T16:15:07Z",
"severity": "CRITICAL"
},
"details": "An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token.",
"id": "GHSA-vpp6-9fcm-rv58",
"modified": "2024-08-27T21:31:11Z",
"published": "2024-03-29T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49231"
},
{
"type": "WEB",
"url": "https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-003.txt"
},
{
"type": "WEB",
"url": "https://www.schutzwerk.com/blog/schutzwerk-sa-2023-003"
},
{
"type": "WEB",
"url": "https://www.visual-planning.com/en/support-portal/updates"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Apr/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VPRV-PH4X-PQGJ
Vulnerability from github – Published: 2025-05-28 18:33 – Updated: 2025-05-28 18:33The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers, as exploited in the wild in May 2025.
{
"affected": [],
"aliases": [
"CVE-2025-48926"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-28T17:15:24Z",
"severity": "MODERATE"
},
"details": "The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers, as exploited in the wild in May 2025.",
"id": "GHSA-vprv-ph4x-pqgj",
"modified": "2025-05-28T18:33:28Z",
"published": "2025-05-28T18:33:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48926"
},
{
"type": "WEB",
"url": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VR6H-M22M-795Q
Vulnerability from github – Published: 2025-08-19 21:30 – Updated: 2025-08-19 21:30An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack.
{
"affected": [],
"aliases": [
"CVE-2025-52338"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-19T19:15:36Z",
"severity": "MODERATE"
},
"details": "An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack.",
"id": "GHSA-vr6h-m22m-795q",
"modified": "2025-08-19T21:30:37Z",
"published": "2025-08-19T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52338"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/521.html"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"type": "WEB",
"url": "https://github.com/TrustStackSecurity/Advisories/tree/main/CVE-2025-52338"
},
{
"type": "WEB",
"url": "https://www.logicdata.com/products/webstore-for-erp-ecommerce-integration"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VV5R-9WCQ-CQCM
Vulnerability from github – Published: 2021-12-16 00:00 – Updated: 2022-07-26 00:01The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.
{
"affected": [],
"aliases": [
"CVE-2021-43935"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "CRITICAL"
},
"details": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.",
"id": "GHSA-vv5r-9wcq-cqcm",
"modified": "2022-07-26T00:01:12Z",
"published": "2021-12-16T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43935"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV6R-GFM2-QF53
Vulnerability from github – Published: 2025-03-07 03:31 – Updated: 2025-03-07 03:31The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verification_id' value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for unauthenticated attackers to log in to the first verified user.
{
"affected": [],
"aliases": [
"CVE-2025-0749"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-07T02:15:37Z",
"severity": "HIGH"
},
"details": "The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the \u0027verification_id\u0027 value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for unauthenticated attackers to log in to the first verified user.",
"id": "GHSA-vv6r-gfm2-qf53",
"modified": "2025-03-07T03:31:34Z",
"published": "2025-03-07T03:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0749"
},
{
"type": "WEB",
"url": "https://favethemes.zendesk.com/hc/en-us/articles/4407721124884-Changelog"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05f87510-28c3-4ad1-b2be-2408a199cf68?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VWP4-85G8-FGJG
Vulnerability from github – Published: 2024-10-25 09:32 – Updated: 2024-10-25 09:32Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-47406"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-25T07:15:04Z",
"severity": "CRITICAL"
},
"details": "Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.",
"id": "GHSA-vwp4-85g8-fgjg",
"modified": "2024-10-25T09:32:00Z",
"published": "2024-10-25T09:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47406"
},
{
"type": "WEB",
"url": "https://global.sharp/products/copier/info/info_security_2024-10.html"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU95063136"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/20241025_01.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.