CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
GHSA-63FQ-R3MP-FPCF
Vulnerability from github – Published: 2023-06-29 21:30 – Updated: 2024-04-04 05:18A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
{
"affected": [],
"aliases": [
"CVE-2023-30946"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-29T19:15:08Z",
"severity": "MODERATE"
},
"details": "A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry\u0027s Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.",
"id": "GHSA-63fq-r3mp-fpcf",
"modified": "2024-04-04T05:18:12Z",
"published": "2023-06-29T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30946"
},
{
"type": "WEB",
"url": "https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-63MH-3Q59-GMP2
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
{
"affected": [],
"aliases": [
"CVE-2026-49767"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T13:20:46Z",
"severity": "CRITICAL"
},
"details": "Unauthenticated Broken Authentication in wpForo Forum \u003c= 3.1.0 versions.",
"id": "GHSA-63mh-3q59-gmp2",
"modified": "2026-06-17T18:35:52Z",
"published": "2026-06-17T18:35:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49767"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wpforo/vulnerability/wordpress-wpforo-forum-plugin-3-1-0-broken-authentication-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6573-9WW9-37V2
Vulnerability from github – Published: 2024-07-24 03:32 – Updated: 2024-07-24 03:32The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing Voucher Vendor user on the site, if they have access to the user id.
{
"affected": [],
"aliases": [
"CVE-2024-7027"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-24T03:15:05Z",
"severity": "HIGH"
},
"details": "The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing Voucher Vendor user on the site, if they have access to the user id.",
"id": "GHSA-6573-9ww9-37v2",
"modified": "2024-07-24T03:32:20Z",
"published": "2024-07-24T03:32:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7027"
},
{
"type": "WEB",
"url": "https://codecanyon.net/item/woocommerce-pdf-vouchers-ultimate-gift-cards-wordpress-plugin/7392046"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6cf27d9-c0be-4cff-8867-19297f6d79d7?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-658W-F28G-3J4H
Vulnerability from github – Published: 2024-11-13 12:32 – Updated: 2024-11-13 12:32A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.
{
"affected": [],
"aliases": [
"CVE-2024-47574"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-13T12:15:16Z",
"severity": "HIGH"
},
"details": "A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.",
"id": "GHSA-658w-f28g-3j4h",
"modified": "2024-11-13T12:32:12Z",
"published": "2024-11-13T12:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47574"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-199"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-65C5-J3WR-V7FH
Vulnerability from github – Published: 2025-12-15 12:30 – Updated: 2026-02-18 15:31An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle
By executing the bundled interpreter directly the attacker's scripts run with the application's TCC privileges
In fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions
This issue affects LibreOffice on macOS: from 25.2 before < 25.2.4.
{
"affected": [],
"aliases": [
"CVE-2025-14714"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-15T11:15:39Z",
"severity": "LOW"
},
"details": "An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions\u00a0granted by the user to the main application bundle\n\n\n\n\nBy executing the bundled interpreter directly the attacker\u0027s scripts run with the application\u0027s TCC\u00a0privileges\n\n\n\n\nIn fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions\n\nThis issue affects LibreOffice on macOS: from 25.2 before \u003c 25.2.4.",
"id": "GHSA-65c5-j3wr-v7fh",
"modified": "2026-02-18T15:31:23Z",
"published": "2025-12-15T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14714"
},
{
"type": "WEB",
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-14714"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-67VV-7C97-F7H6
Vulnerability from github – Published: 2026-07-01 06:31 – Updated: 2026-07-01 12:31In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01816800; Issue ID: MSV-6842.
{
"affected": [],
"aliases": [
"CVE-2026-20459"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T04:17:14Z",
"severity": "MODERATE"
},
"details": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01816800; Issue ID: MSV-6842.",
"id": "GHSA-67vv-7c97-f7h6",
"modified": "2026-07-01T12:31:34Z",
"published": "2026-07-01T06:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20459"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-685V-CWV9-JXP3
Vulnerability from github – Published: 2023-01-18 00:30 – Updated: 2023-01-25 18:30Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.
{
"affected": [],
"aliases": [
"CVE-2022-46732"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-18T00:15:00Z",
"severity": "CRITICAL"
},
"details": "Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.",
"id": "GHSA-685v-cwv9-jxp3",
"modified": "2023-01-25T18:30:49Z",
"published": "2023-01-18T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46732"
},
{
"type": "WEB",
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-68GP-7M2F-PCH3
Vulnerability from github – Published: 2024-12-16 18:31 – Updated: 2026-04-01 18:32Authentication Bypass Using an Alternate Path or Channel vulnerability in Envato Security Team Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.
{
"affected": [],
"aliases": [
"CVE-2024-43234"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-16T16:15:07Z",
"severity": "CRITICAL"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Envato Security Team Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.",
"id": "GHSA-68gp-7m2f-pch3",
"modified": "2026-04-01T18:32:52Z",
"published": "2024-12-16T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43234"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/theme/woffice/vulnerability/wordpress-woffice-theme-5-4-14-unauthenticated-account-takeover-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-68RG-V3M3-F4HP
Vulnerability from github – Published: 2025-07-11 06:30 – Updated: 2026-01-16 15:31The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required.
{
"affected": [],
"aliases": [
"CVE-2025-30026"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-11T06:15:24Z",
"severity": "MODERATE"
},
"details": "The AXIS Camera Station Server had a flaw that allowed\nto bypass authentication that is normally required.",
"id": "GHSA-68rg-v3m3-f4hp",
"modified": "2026-01-16T15:31:22Z",
"published": "2025-07-11T06:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30026"
},
{
"type": "WEB",
"url": "https://www.axis.com/dam/public/a3/42/92/cve-2025-30026pdf-en-US-485735.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6925-Q744-QCX6
Vulnerability from github – Published: 2022-05-05 00:00 – Updated: 2022-05-17 00:01Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.
{
"affected": [],
"aliases": [
"CVE-2022-23724"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-288",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-04T17:15:00Z",
"severity": "HIGH"
},
"details": "Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.",
"id": "GHSA-6925-q744-qcx6",
"modified": "2022-05-17T00:01:43Z",
"published": "2022-05-05T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23724"
},
{
"type": "WEB",
"url": "https://docs.pingidentity.com/bundle/pingid/page/xqz1597139945488.html"
},
{
"type": "WEB",
"url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.