CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
GHSA-73V5-RHGG-73MQ
Vulnerability from github – Published: 2024-02-06 12:30 – Updated: 2024-02-06 12:30In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
{
"affected": [],
"aliases": [
"CVE-2024-23917"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T10:15:09Z",
"severity": "CRITICAL"
},
"details": "In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible",
"id": "GHSA-73v5-rhgg-73mq",
"modified": "2024-02-06T12:30:30Z",
"published": "2024-02-06T12:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23917"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-743P-8HMW-GC72
Vulnerability from github – Published: 2024-11-28 18:38 – Updated: 2026-04-01 18:32Authentication Bypass Using an Alternate Path or Channel vulnerability in Automation Web Platform Wawp allows Authentication Bypass.This issue affects Wawp: from n/a before 3.0.18.
{
"affected": [],
"aliases": [
"CVE-2024-52475"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-28T11:15:49Z",
"severity": "CRITICAL"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Automation Web Platform Wawp allows Authentication Bypass.This issue affects Wawp: from n/a before 3.0.18.",
"id": "GHSA-743p-8hmw-gc72",
"modified": "2026-04-01T18:32:35Z",
"published": "2024-11-28T18:38:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52475"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/automation-web-platform/vulnerability/wordpress-wawp-plugin-3-0-18-account-takeover-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-744G-7QM9-HJH9
Vulnerability from github – Published: 2025-05-20 19:39 – Updated: 2025-05-20 19:39Problem
The multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes.
Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication.
Solution
Update to TYPO3 versions 12.4.31 LTS, 13.4.12 LTS that fix the problem described.
Credits
Thanks to Jens Jacobsen and Y. Kahveci for reporting this issue, and to TYPO3 security team member Torben Hansen for fixing it.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.4.30"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-backend"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.4.31"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 13.4.11"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-backend"
},
"ranges": [
{
"events": [
{
"introduced": "13.0.0"
},
{
"fixed": "13.4.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-47941"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-20T19:39:37Z",
"nvd_published_at": "2025-05-20T14:15:51Z",
"severity": "HIGH"
},
"details": "### Problem\nThe multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes.\n\nSuccessful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication.\n\n### Solution\nUpdate to TYPO3 versions 12.4.31 LTS, 13.4.12 LTS that fix the problem described.\n\n### Credits\nThanks to Jens Jacobsen and Y. Kahveci for reporting this issue, and to TYPO3 security team member Torben Hansen for fixing it.",
"id": "GHSA-744g-7qm9-hjh9",
"modified": "2025-05-20T19:39:37Z",
"published": "2025-05-20T19:39:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-744g-7qm9-hjh9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47941"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3-CMS/backend/commit/034f589029952084771c5f98d42ed0f69f9a7ead"
},
{
"type": "PACKAGE",
"url": "https://github.com/TYPO3-CMS/backend"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-015"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "The TYPO3 CMS Backend has Broken Authentication in Backend MFA"
}
GHSA-746G-3GFP-HFHW
Vulnerability from github – Published: 2023-01-26 23:54 – Updated: 2023-12-14 22:26Devise version before 3.5.4 uses cookies to implement a "Remember me" functionality. However, it generates the same cookie for all devices. If an attacker manages to steal a remember me cookie and the user does not change the password frequently, the cookie can be used to gain access to the application indefinitely.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "devise"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-8314"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-312"
],
"github_reviewed": true,
"github_reviewed_at": "2023-01-26T23:54:07Z",
"nvd_published_at": "2023-12-12T17:15:07Z",
"severity": "HIGH"
},
"details": "Devise version before 3.5.4 uses cookies to implement a \"Remember me\" functionality. However, it generates the same cookie for all devices. If an attacker manages to steal a remember me cookie and the user does not change the password frequently, the cookie can be used to gain access to the application indefinitely.\n",
"id": "GHSA-746g-3gfp-hfhw",
"modified": "2023-12-14T22:26:44Z",
"published": "2023-01-26T23:54:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8314"
},
{
"type": "WEB",
"url": "https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-746g-3gfp-hfhw"
},
{
"type": "PACKAGE",
"url": "https://github.com/heartcombo/devise"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/CVE-2015-8314.yml"
},
{
"type": "WEB",
"url": "https://rubysec.com/advisories/CVE-2015-8314"
},
{
"type": "WEB",
"url": "http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Devise Gem for Ruby Unauthorized Access Using \"Remember Me\" Cookie"
}
GHSA-747X-5M58-MQ97
Vulnerability from github – Published: 2024-02-13 06:30 – Updated: 2024-10-16 17:06Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.
Note:
The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "svix"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-21491"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-13T18:36:52Z",
"nvd_published_at": "2024-02-13T05:15:08Z",
"severity": "MODERATE"
},
"details": "Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.\n\n**Note:**\n\nThe attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.",
"id": "GHSA-747x-5m58-mq97",
"modified": "2024-10-16T17:06:15Z",
"published": "2024-02-13T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21491"
},
{
"type": "WEB",
"url": "https://github.com/svix/svix-webhooks/pull/1190"
},
{
"type": "WEB",
"url": "https://github.com/svix/svix-webhooks/commit/958821bd3b956d1436af65f70a0964d4ffb7daf6"
},
{
"type": "PACKAGE",
"url": "https://github.com/svix/svix-webhooks"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0010.html"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-RUST-SVIX-6230729"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "svix vulnerable to Authentication Bypass"
}
GHSA-74JQ-6Q38-P5WF
Vulnerability from github – Published: 2026-02-17 21:31 – Updated: 2026-02-17 21:31An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.
{
"affected": [],
"aliases": [
"CVE-2026-23595"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-17T21:22:15Z",
"severity": "HIGH"
},
"details": "An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.",
"id": "GHSA-74jq-6q38-p5wf",
"modified": "2026-02-17T21:31:15Z",
"published": "2026-02-17T21:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23595"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us\u0026docLocale=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-74QH-MQMG-CVXJ
Vulnerability from github – Published: 2024-10-30 09:30 – Updated: 2026-04-01 18:32Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck Oñate User Toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through 1.2.3.
{
"affected": [],
"aliases": [
"CVE-2024-50503"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-30T08:15:02Z",
"severity": "CRITICAL"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck O\u00f1ate User Toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through 1.2.3.",
"id": "GHSA-74qh-mqmg-cvxj",
"modified": "2026-04-01T18:32:14Z",
"published": "2024-10-30T09:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50503"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/user-toolkit/vulnerability/wordpress-user-toolkit-plugin-1-2-3-account-takeover-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/user-toolkit/wordpress-user-toolkit-plugin-1-2-3-account-takeover-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-74X7-73GR-C646
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-05-27 15:33Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command.
This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version 6.56.0430 - MAC-6400: version 6.56.0430 - CXS-0424: version 6.30.0510
The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below: - CCT-1668 (CCT1CPU) - MAC-6400 - CXS-0424 These products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.
{
"affected": [],
"aliases": [
"CVE-2026-35087"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:16:44Z",
"severity": "CRITICAL"
},
"details": "Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command.\n\n\nThis issue was fixed in versions below:\n- NCP: version 1.24.0250\n- IPx series: version 6.61.0040\n- CCT-1668: version 6.56.0430\n- MAC-6400: version 6.56.0430\n- CXS-0424: version 6.30.0510\n\nThe issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:\n- CCT-1668 (CCT1CPU)\n- MAC-6400\n-\u00a0CXS-0424\nThese products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.",
"id": "GHSA-74x7-73gr-c646",
"modified": "2026-05-27T15:33:11Z",
"published": "2026-05-27T15:33:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35087"
},
{
"type": "WEB",
"url": "https://cert.pl/posts/2026/05/CVE-2026-35087"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-75G9-H46F-FPXQ
Vulnerability from github – Published: 2023-07-31 15:30 – Updated: 2024-03-21 03:35** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
{
"affected": [],
"aliases": [
"CVE-2023-36091"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-31T14:15:10Z",
"severity": "CRITICAL"
},
"details": "** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
"id": "GHSA-75g9-h46f-fpxq",
"modified": "2024-03-21T03:35:36Z",
"published": "2023-07-31T15:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36091"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en/support"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-75VJ-36GH-8X22
Vulnerability from github – Published: 2023-06-07 03:30 – Updated: 2024-04-04 04:37The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges.
{
"affected": [],
"aliases": [
"CVE-2020-36724"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-07T02:15:12Z",
"severity": "CRITICAL"
},
"details": "The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges.",
"id": "GHSA-75vj-36gh-8x22",
"modified": "2024-04-04T04:37:54Z",
"published": "2023-06-07T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36724"
},
{
"type": "WEB",
"url": "https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/2234193/wordable/trunk/wordable.php"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be1ab218-37bd-407a-8cb9-66f761849c21?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.