CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
GHSA-47M7-6X3Q-V8MC
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
{
"affected": [],
"aliases": [
"CVE-2026-40785"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T21:16:50Z",
"severity": "HIGH"
},
"details": "Subscriber Broken Authentication in AutomatorWP \u003c= 5.6.7 versions.",
"id": "GHSA-47m7-6x3q-v8mc",
"modified": "2026-06-15T21:30:46Z",
"published": "2026-06-15T21:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40785"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/automatorwp/vulnerability/wordpress-automatorwp-plugin-5-6-7-broken-authentication-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-48HJ-M29R-7395
Vulnerability from github – Published: 2026-07-08 21:30 – Updated: 2026-07-09 18:31A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset
{
"affected": [],
"aliases": [
"CVE-2026-36028"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-08T20:16:48Z",
"severity": "MODERATE"
},
"details": "A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset",
"id": "GHSA-48hj-m29r-7395",
"modified": "2026-07-09T18:31:40Z",
"published": "2026-07-08T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36028"
},
{
"type": "WEB",
"url": "https://code.com"
},
{
"type": "WEB",
"url": "https://companion.com"
},
{
"type": "WEB",
"url": "https://github.com/redr0nin/Code-27-Companion-Hub-Exploits"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-48WV-CP4Q-QCJC
Vulnerability from github – Published: 2025-09-30 12:30 – Updated: 2025-09-30 12:30The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and related customer fields before invoking the internal login handler without verifying login status, capability checks, or a valid AJAX nonce. This makes it possible for unauthenticated attackers to log into any customer’s account.
{
"affected": [],
"aliases": [
"CVE-2025-7038"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-30T11:37:43Z",
"severity": "HIGH"
},
"details": "The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and related customer fields before invoking the internal login handler without verifying login status, capability checks, or a valid AJAX nonce. This makes it possible for unauthenticated attackers to log into any customer\u2019s account.",
"id": "GHSA-48wv-cp4q-qcjc",
"modified": "2025-09-30T12:30:52Z",
"published": "2025-09-30T12:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7038"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/latepoint.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/lib/controllers/steps_controller.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3366851%40latepoint\u0026new=3366851%40latepoint\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/latepoint/#developers"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7389e17-a357-481a-8716-3a93cb6afa7c?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-492V-C6PP-MQQV
Vulnerability from github – Published: 2026-05-11 15:54 – Updated: 2026-05-14 20:38Impact
Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected content to be rendered without passing the expected middleware check.
Fix
We now only honor internal route-parameter normalization in trusted routing flows and ignore externally supplied parameter encodings that should never have been accepted from ordinary requests.
Workarounds
If you cannot upgrade immediately, enforce authorization in route or page logic instead of relying solely on middleware path matching.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "next"
},
"ranges": [
{
"events": [
{
"introduced": "15.4.0"
},
{
"fixed": "15.5.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "next"
},
"ranges": [
{
"events": [
{
"introduced": "16.0.0"
},
{
"fixed": "16.2.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44574"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-11T15:54:08Z",
"nvd_published_at": "2026-05-13T17:16:22Z",
"severity": "HIGH"
},
"details": "### Impact\n\nApplications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected content to be rendered without passing the expected middleware check.\n\n### Fix\n\nWe now only honor internal route-parameter normalization in trusted routing flows and ignore externally supplied parameter encodings that should never have been accepted from ordinary requests.\n\n### Workarounds\n\nIf you cannot upgrade immediately, enforce authorization in route or page logic instead of relying solely on middleware path matching.",
"id": "GHSA-492v-c6pp-mqqv",
"modified": "2026-05-14T20:38:03Z",
"published": "2026-05-11T15:54:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44574"
},
{
"type": "PACKAGE",
"url": "https://github.com/vercel/next.js"
},
{
"type": "WEB",
"url": "https://github.com/vercel/next.js/releases/tag/v15.5.16"
},
{
"type": "WEB",
"url": "https://github.com/vercel/next.js/releases/tag/v16.2.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Next.js has a Middleware / Proxy bypass through dynamic route parameter injection"
}
GHSA-49Q8-X2PC-39WF
Vulnerability from github – Published: 2025-06-03 06:31 – Updated: 2025-06-03 06:31The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user's identity prior to setting an authorization cookie. This makes it possible for unauthenticated attackers to log in as any user, including administrators, provided they know the user's email address.
{
"affected": [],
"aliases": [
"CVE-2025-4797"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T05:15:20Z",
"severity": "CRITICAL"
},
"details": "The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user\u0027s identity prior to setting an authorization cookie. This makes it possible for unauthenticated attackers to log in as any user, including administrators, provided they know the user\u0027s email address.",
"id": "GHSA-49q8-x2pc-39wf",
"modified": "2025-06-03T06:31:13Z",
"published": "2025-06-03T06:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4797"
},
{
"type": "WEB",
"url": "https://themeforest.net/item/golo-directory-listing-travel-wordpress-theme/25397810"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7b56ec1-8735-4404-8069-219f5d8866d0?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4F53-XH3V-G8X4
Vulnerability from github – Published: 2024-04-17 17:31 – Updated: 2024-08-07 12:31Keycloak does not correctly validate its client step-up authentication. A password-authed attacker could use this flaw to register a false second auth factor, alongside the existing one, to a targeted account. The second factor then permits step-up authentication.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "22.0.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "23.0.0"
},
{
"fixed": "24.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-3597"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-288"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-17T17:31:50Z",
"nvd_published_at": "2024-04-25T13:15:50Z",
"severity": "MODERATE"
},
"details": "Keycloak does not correctly validate its client step-up authentication. A password-authed attacker could use this flaw to register a false second auth factor, alongside the existing one, to a targeted account. The second factor then permits step-up authentication.",
"id": "GHSA-4f53-xh3v-g8x4",
"modified": "2024-08-07T12:31:28Z",
"published": "2024-04-17T17:31:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3597"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a432"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1866"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1867"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1868"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-3597"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221760"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Keycloak secondary factor bypass in step-up authentication"
}
GHSA-4F6X-H73M-PQ6F
Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-26 18:31Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through <= 28.1.2.2.
{
"affected": [],
"aliases": [
"CVE-2026-25035"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T17:16:43Z",
"severity": "CRITICAL"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through \u003c= 28.1.2.2.",
"id": "GHSA-4f6x-h73m-pq6f",
"modified": "2026-03-26T18:31:33Z",
"published": "2026-03-25T18:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25035"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-28-1-2-2-account-takeover-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4FCP-HV44-RGGC
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-05-27 15:33In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel. This vulnerability is independent of the telephone exchanges configuration. If remote access is disabled, calling with this caller ID will temporarily enable it.
This issue was fixed in versions below: - IPL-256: version 6.61.0040 - IPM-032: version 6.61.0040 - CCT-1668: version 6.56.0430 - MAC-6400: version 6.56.0430 - CXS-0424: version 6.30.0510
The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below: - CCT-1668 (CCT1CPU) - MAC-6400 - CXS-0424 These products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.
{
"affected": [],
"aliases": [
"CVE-2026-35090"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:16:45Z",
"severity": "CRITICAL"
},
"details": "In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID.\u00a0This allows them to bypass admin authentication and\u00a0gain full access to the service protocol and configuration panel. This vulnerability is independent of the telephone exchanges configuration.\u00a0If remote access is disabled, calling with this caller ID will temporarily enable it.\n\nThis issue was fixed in versions below:\n- IPL-256: version 6.61.0040\n- IPM-032: version 6.61.0040\n- CCT-1668: version 6.56.0430\n- MAC-6400: version 6.56.0430\n- CXS-0424: version 6.30.0510\n\nThe issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:\n- CCT-1668 (CCT1CPU)\n- MAC-6400\n- CXS-0424\nThese products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.",
"id": "GHSA-4fcp-hv44-rggc",
"modified": "2026-05-27T15:33:11Z",
"published": "2026-05-27T15:33:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35090"
},
{
"type": "WEB",
"url": "https://cert.pl/posts/2026/05/CVE-2026-35087"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4FFQ-5GPQ-HVRG
Vulnerability from github – Published: 2024-12-13 15:30 – Updated: 2026-04-01 18:32Authentication Bypass Using an Alternate Path or Channel vulnerability in InspireUI ListApp Mobile Manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through 1.7.7.
{
"affected": [],
"aliases": [
"CVE-2024-54295"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-13T15:15:33Z",
"severity": "CRITICAL"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in InspireUI ListApp Mobile Manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through 1.7.7.",
"id": "GHSA-4ffq-5gpq-hvrg",
"modified": "2026-04-01T18:32:43Z",
"published": "2024-12-13T15:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54295"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/listapp-mobile-manager/vulnerability/wordpress-listapp-mobile-manager-plugin-1-7-7-account-takeover-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4GM4-C4MH-4P7W
Vulnerability from github – Published: 2024-06-17 22:28 – Updated: 2024-06-17 22:28Impact
A MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to your Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try sign an OAuth application up to a users profile quite easily if they have created one. The attacker would also need to know the victims username and password.
Patches
Problem has been patched in Firefly III v6.1.17 and up.
Workarounds
- Use a unique password for your Firefly III instance,
- Store your password securely, i.e. in a password manager or in your head.
References
- https://owasp.org/www-community/attacks/Password_Spraying_Attack
- https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "grumpydictator/firefly-iii"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-37893"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-288"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-17T22:28:28Z",
"nvd_published_at": "2024-06-17T20:15:13Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nA MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to your Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try sign an OAuth application up to a users profile quite easily if they have created one. The attacker would also need to know the victims username and password.\n\n### Patches\n\nProblem has been patched in Firefly III v6.1.17 and up.\n\n### Workarounds\n\n- Use a unique password for your Firefly III instance,\n- Store your password securely, i.e. in a password manager or in your head.\n\n### References\n\n- https://owasp.org/www-community/attacks/Password_Spraying_Attack\n- https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass\n\n",
"id": "GHSA-4gm4-c4mh-4p7w",
"modified": "2024-06-17T22:28:28Z",
"published": "2024-06-17T22:28:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37893"
},
{
"type": "PACKAGE",
"url": "https://github.com/firefly-iii/firefly-iii"
},
{
"type": "WEB",
"url": "https://owasp.org/www-community/attacks/Password_Spraying_Attack"
},
{
"type": "WEB",
"url": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Firefly III has a MFA bypass in oauth flow"
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.