CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
GHSA-54R4-PPJ3-FQ8F
Vulnerability from github – Published: 2022-07-01 00:01 – Updated: 2022-07-12 00:00PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication.
{
"affected": [],
"aliases": [
"CVE-2022-23719"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-30T20:15:00Z",
"severity": "MODERATE"
},
"details": "PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication.",
"id": "GHSA-54r4-ppj3-fq8f",
"modified": "2022-07-12T00:00:54Z",
"published": "2022-07-01T00:01:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23719"
},
{
"type": "WEB",
"url": "https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html"
},
{
"type": "WEB",
"url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-54X7-Q6M6-MJQV
Vulnerability from github – Published: 2023-06-08 03:30 – Updated: 2024-04-04 04:40The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers.
{
"affected": [],
"aliases": [
"CVE-2023-2986"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-08T02:15:09Z",
"severity": "CRITICAL"
},
"details": "The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers.",
"id": "GHSA-54x7-q6m6-mjqv",
"modified": "2024-04-04T04:40:21Z",
"published": "2023-06-08T03:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2986"
},
{
"type": "WEB",
"url": "https://github.com/TycheSoftwares/woocommerce-abandoned-cart/pull/885#issuecomment-1601813615"
},
{
"type": "WEB",
"url": "https://github.com/Ayantaker/CVE-2023-2986"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-abandoned-cart/trunk/woocommerce-ac.php#L1815"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-abandoned-cart/trunk/woocommerce-ac.php?rev=2916178#L1800"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/2922242"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2925274%40woocommerce-abandoned-cart\u0026new=2925274%40woocommerce-abandoned-cart\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/blog/2023/06/tyche-softwares-addresses-authentication-bypass-vulnerability-in-abandoned-cart-lite-for-woocommerce-wordpress-plugin"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68052614-204f-4237-af0e-4b8210ebd59f?source=cve"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/172966/WordPress-Abandoned-Cart-Lite-For-WooCommerce-5.14.2-Authentication-Bypass.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/173018/WordPress-Abandoned-Cart-Lite-For-WooCommerce-5.14.2-Authentication-Bypass.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-556J-VP5W-5QJ6
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2024-04-04 01:58RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.
{
"affected": [],
"aliases": [
"CVE-2019-3758"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-521"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-18T23:15:00Z",
"severity": "CRITICAL"
},
"details": "RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.",
"id": "GHSA-556j-vp5w-5qj6",
"modified": "2024-04-04T01:58:21Z",
"published": "2022-05-24T16:56:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3758"
},
{
"type": "WEB",
"url": "https://community.rsa.com/docs/DOC-106759"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106759/DSA-2019-127-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-557X-V644-WJ6Q
Vulnerability from github – Published: 2025-12-18 18:30 – Updated: 2026-04-28 21:35Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.
{
"affected": [],
"aliases": [
"CVE-2025-64236"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T17:15:55Z",
"severity": "CRITICAL"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.",
"id": "GHSA-557x-v644-wj6q",
"modified": "2026-04-28T21:35:51Z",
"published": "2025-12-18T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64236"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/tuturn/vulnerability/wordpress-tuturn-plugin-3-6-broken-authentication-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/wordpress/plugin/tuturn/vulnerability/wordpress-tuturn-plugin-3-6-broken-authentication-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-58F6-6RJ2-3V8R
Vulnerability from github – Published: 2026-07-02 20:29 – Updated: 2026-07-02 20:29Summary
When Steeltoe management endpoints are configured to listen on an alternate port (Management:Endpoints:Port is configured), the middleware responsible for restricting access to the endpoints uses the Host HTTP header rather than the actual network socket port.
Impact
An unauthenticated remote attacker can reach every actuator endpoint using a specially crafted HTTP request.
Affected configuration
- The application's public port is accessible over from the network.
Management:Endpoints:Portis configured to a value different from the application's main listener port.- The request scheme matches
Management:Endpoints:SslEnabled. For example,httpwhenSslEnabledisfalse(the default), orhttpswhenSslEnabledistrue.
Mitigations
If an immediate upgrade to a patched version is not possible:
- Add explicit ASP.NET Core authorization (
RequireAuthorization) to all sensitive actuator endpoints as a defense-in-depth measure independent of port isolation. - Configure the reverse proxy or load balancer to enforce the
Hostheader value and prevent clients from setting an arbitrary port.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Steeltoe.Management.Endpoint"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Steeltoe.Management.EndpointCore"
},
"ranges": [
{
"events": [
{
"introduced": "3.2.2"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-50194"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-02T20:29:13Z",
"nvd_published_at": "2026-06-17T22:16:23Z",
"severity": "HIGH"
},
"details": "### Summary\n\nWhen Steeltoe management endpoints are configured to listen on an alternate port (`Management:Endpoints:Port` is configured), the middleware responsible for restricting access to the endpoints uses the `Host` HTTP header rather than the actual network socket port. \n\n### Impact\n\nAn unauthenticated remote attacker can reach every actuator endpoint using a specially crafted HTTP request.\n\n### Affected configuration\n\n- The application\u0027s public port is accessible over from the network.\n- `Management:Endpoints:Port` is configured to a value different from the application\u0027s main listener port.\n- The request scheme matches `Management:Endpoints:SslEnabled`. For example, `http` when `SslEnabled` is `false` (the default), or `https` when `SslEnabled` is `true`.\n\n### Mitigations\n\nIf an immediate upgrade to a patched version is not possible:\n\n- Add explicit ASP.NET Core authorization (`RequireAuthorization`) to all sensitive actuator endpoints as a defense-in-depth measure independent of port isolation.\n- Configure the reverse proxy or load balancer to enforce the `Host` header value and prevent clients from setting an arbitrary port.",
"id": "GHSA-58f6-6rj2-3v8r",
"modified": "2026-07-02T20:29:13Z",
"published": "2026-07-02T20:29:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-58f6-6rj2-3v8r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50194"
},
{
"type": "WEB",
"url": "https://github.com/SteeltoeOSS/Steeltoe/commit/4cbc352fe89ac2e6c609554e435ab28996fec5e9"
},
{
"type": "WEB",
"url": "https://github.com/SteeltoeOSS/Steeltoe/commit/b7ca93c510aaa08d7e4ebec40ce20c5811c2c4b6"
},
{
"type": "PACKAGE",
"url": "https://github.com/SteeltoeOSS/steeltoe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Steeltoe vulnerable to management-port isolation bypass via spoofed Host header"
}
GHSA-5CVP-P7P4-MCX9
Vulnerability from github – Published: 2026-05-18 14:20 – Updated: 2026-06-09 10:30Neotoma versions starting at v0.6.0 can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present.
In affected deployments, the REST auth middleware can resolve unauthenticated requests as the local development user, making the hosted Inspector and related API surface reachable without credentials.
Impact: unauthorized access to production data exposed through the Inspector/API on affected deployments.
Affected condition: a public deployment behind a reverse proxy or same-host tunnel that forwards traffic to the Node process over loopback.
Remediation implemented on the main branch: local-request detection now fails closed in production unless loopback trust is explicitly enabled, and forwarded public clients remain remote.
Patched release version is pending; this draft will be updated once the fix is released.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "neotoma"
},
"ranges": [
{
"events": [
{
"introduced": "0.6.0"
},
{
"fixed": "0.11.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-45577"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-306"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-18T14:20:06Z",
"nvd_published_at": "2026-05-29T18:17:10Z",
"severity": "MODERATE"
},
"details": "Neotoma versions starting at v0.6.0 can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present.\n\nIn affected deployments, the REST auth middleware can resolve unauthenticated requests as the local development user, making the hosted Inspector and related API surface reachable without credentials.\n\nImpact: unauthorized access to production data exposed through the Inspector/API on affected deployments.\n\nAffected condition: a public deployment behind a reverse proxy or same-host tunnel that forwards traffic to the Node process over loopback.\n\nRemediation implemented on the main branch: local-request detection now fails closed in production unless loopback trust is explicitly enabled, and forwarded public clients remain remote.\n\nPatched release version is pending; this draft will be updated once the fix is released.",
"id": "GHSA-5cvp-p7p4-mcx9",
"modified": "2026-06-09T10:30:37Z",
"published": "2026-05-18T14:20:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/markmhendrickson/neotoma/security/advisories/GHSA-5cvp-p7p4-mcx9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45577"
},
{
"type": "PACKAGE",
"url": "https://github.com/markmhendrickson/neotoma"
},
{
"type": "WEB",
"url": "https://github.com/markmhendrickson/neotoma/releases/tag/v0.11.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass"
}
GHSA-5GJ2-5693-P684
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
{
"affected": [],
"aliases": [
"CVE-2026-33843"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-22T23:16:44Z",
"severity": "CRITICAL"
},
"details": "Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.",
"id": "GHSA-5gj2-5693-p684",
"modified": "2026-05-26T13:30:21Z",
"published": "2026-05-26T13:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33843"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33843"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5JCR-QMFF-JPH4
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:37An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution.
{
"affected": [],
"aliases": [
"CVE-2017-5174"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-19T03:29:00Z",
"severity": "CRITICAL"
},
"details": "An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution.",
"id": "GHSA-5jcr-qmff-jph4",
"modified": "2025-04-20T03:37:51Z",
"published": "2022-05-13T01:46:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5174"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41360"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96209"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5MRQ-972X-QWR6
Vulnerability from github – Published: 2022-04-20 00:00 – Updated: 2025-05-05 18:31The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5.
{
"affected": [],
"aliases": [
"CVE-2022-0992"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-19T21:15:00Z",
"severity": "CRITICAL"
},
"details": "The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5.",
"id": "GHSA-5mrq-972x-qwr6",
"modified": "2025-05-05T18:31:39Z",
"published": "2022-04-20T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0992"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/2706302"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5c6bf7-a653-4571-9566-574d2bb35c4f?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5Q53-766V-93H8
Vulnerability from github – Published: 2024-10-28 12:30 – Updated: 2026-04-01 18:32Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.
{
"affected": [],
"aliases": [
"CVE-2024-50477"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-28T12:15:16Z",
"severity": "CRITICAL"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.",
"id": "GHSA-5q53-766v-93h8",
"modified": "2026-04-01T18:32:09Z",
"published": "2024-10-28T12:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50477"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/stacks-mobile-app-builder/vulnerability/wordpress-stacks-mobile-app-builder-plugin-5-2-3-account-takeover-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-account-takeover-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.