Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

GHSA-73V5-RHGG-73MQ

Vulnerability from github – Published: 2024-02-06 12:30 – Updated: 2024-02-06 12:30
VLAI
Details

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23917"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-06T10:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible",
  "id": "GHSA-73v5-rhgg-73mq",
  "modified": "2024-02-06T12:30:30Z",
  "published": "2024-02-06T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23917"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-743P-8HMW-GC72

Vulnerability from github – Published: 2024-11-28 18:38 – Updated: 2026-04-01 18:32
VLAI
Details

Authentication Bypass Using an Alternate Path or Channel vulnerability in Automation Web Platform Wawp allows Authentication Bypass.This issue affects Wawp: from n/a before 3.0.18.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52475"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-28T11:15:49Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Automation Web Platform Wawp allows Authentication Bypass.This issue affects Wawp: from n/a before 3.0.18.",
  "id": "GHSA-743p-8hmw-gc72",
  "modified": "2026-04-01T18:32:35Z",
  "published": "2024-11-28T18:38:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52475"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/automation-web-platform/vulnerability/wordpress-wawp-plugin-3-0-18-account-takeover-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-744G-7QM9-HJH9

Vulnerability from github – Published: 2025-05-20 19:39 – Updated: 2025-05-20 19:39
VLAI
Summary
The TYPO3 CMS Backend has Broken Authentication in Backend MFA
Details

Problem

The multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes.

Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication.

Solution

Update to TYPO3 versions 12.4.31 LTS, 13.4.12 LTS that fix the problem described.

Credits

Thanks to Jens Jacobsen and Y. Kahveci for reporting this issue, and to TYPO3 security team member Torben Hansen for fixing it.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 12.4.30"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.4.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 13.4.11"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "13.0.0"
            },
            {
              "fixed": "13.4.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-47941"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-20T19:39:37Z",
    "nvd_published_at": "2025-05-20T14:15:51Z",
    "severity": "HIGH"
  },
  "details": "### Problem\nThe multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes.\n\nSuccessful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication.\n\n### Solution\nUpdate to TYPO3 versions 12.4.31 LTS, 13.4.12 LTS that fix the problem described.\n\n### Credits\nThanks to Jens Jacobsen and Y. Kahveci for reporting this issue, and to TYPO3 security team member Torben Hansen for fixing it.",
  "id": "GHSA-744g-7qm9-hjh9",
  "modified": "2025-05-20T19:39:37Z",
  "published": "2025-05-20T19:39:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-744g-7qm9-hjh9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47941"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3-CMS/backend/commit/034f589029952084771c5f98d42ed0f69f9a7ead"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TYPO3-CMS/backend"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-015"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "The TYPO3 CMS Backend has Broken Authentication in Backend MFA"
}

GHSA-746G-3GFP-HFHW

Vulnerability from github – Published: 2023-01-26 23:54 – Updated: 2023-12-14 22:26
VLAI
Summary
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
Details

Devise version before 3.5.4 uses cookies to implement a "Remember me" functionality. However, it generates the same cookie for all devices. If an attacker manages to steal a remember me cookie and the user does not change the password frequently, the cookie can be used to gain access to the application indefinitely.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "devise"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-8314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-26T23:54:07Z",
    "nvd_published_at": "2023-12-12T17:15:07Z",
    "severity": "HIGH"
  },
  "details": "Devise version before 3.5.4 uses cookies to implement a \"Remember me\" functionality. However, it generates the same cookie for all devices. If an attacker manages to steal a remember me cookie and the user does not change the password frequently, the cookie can be used to gain access to the application indefinitely.\n",
  "id": "GHSA-746g-3gfp-hfhw",
  "modified": "2023-12-14T22:26:44Z",
  "published": "2023-01-26T23:54:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8314"
    },
    {
      "type": "WEB",
      "url": "https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-746g-3gfp-hfhw"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/heartcombo/devise"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/CVE-2015-8314.yml"
    },
    {
      "type": "WEB",
      "url": "https://rubysec.com/advisories/CVE-2015-8314"
    },
    {
      "type": "WEB",
      "url": "http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Devise Gem for Ruby Unauthorized Access Using \"Remember Me\" Cookie"
}

GHSA-747X-5M58-MQ97

Vulnerability from github – Published: 2024-02-13 06:30 – Updated: 2024-10-16 17:06
VLAI
Summary
svix vulnerable to Authentication Bypass
Details

Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.

Note:

The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "svix"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21491"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-13T18:36:52Z",
    "nvd_published_at": "2024-02-13T05:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.\n\n**Note:**\n\nThe attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.",
  "id": "GHSA-747x-5m58-mq97",
  "modified": "2024-10-16T17:06:15Z",
  "published": "2024-02-13T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21491"
    },
    {
      "type": "WEB",
      "url": "https://github.com/svix/svix-webhooks/pull/1190"
    },
    {
      "type": "WEB",
      "url": "https://github.com/svix/svix-webhooks/commit/958821bd3b956d1436af65f70a0964d4ffb7daf6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/svix/svix-webhooks"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0010.html"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-RUST-SVIX-6230729"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "svix vulnerable to Authentication Bypass"
}

GHSA-74JQ-6Q38-P5WF

Vulnerability from github – Published: 2026-02-17 21:31 – Updated: 2026-02-17 21:31
VLAI
Details

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-17T21:22:15Z",
    "severity": "HIGH"
  },
  "details": "An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.",
  "id": "GHSA-74jq-6q38-p5wf",
  "modified": "2026-02-17T21:31:15Z",
  "published": "2026-02-17T21:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23595"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us\u0026docLocale=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-74QH-MQMG-CVXJ

Vulnerability from github – Published: 2024-10-30 09:30 – Updated: 2026-04-01 18:32
VLAI
Details

Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck Oñate User Toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through 1.2.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50503"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-30T08:15:02Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck O\u00f1ate User Toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through 1.2.3.",
  "id": "GHSA-74qh-mqmg-cvxj",
  "modified": "2026-04-01T18:32:14Z",
  "published": "2024-10-30T09:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50503"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/user-toolkit/vulnerability/wordpress-user-toolkit-plugin-1-2-3-account-takeover-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/user-toolkit/wordpress-user-toolkit-plugin-1-2-3-account-takeover-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-74X7-73GR-C646

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-05-27 15:33
VLAI
Details

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command.

This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version 6.56.0430 - MAC-6400: version 6.56.0430 - CXS-0424: version 6.30.0510

The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below: - CCT-1668 (CCT1CPU) - MAC-6400 - CXS-0424 These products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-35087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:16:44Z",
    "severity": "CRITICAL"
  },
  "details": "Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command.\n\n\nThis issue was fixed in versions below:\n- NCP: version 1.24.0250\n- IPx series: version 6.61.0040\n- CCT-1668: version 6.56.0430\n- MAC-6400: version 6.56.0430\n- CXS-0424: version 6.30.0510\n\nThe issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:\n- CCT-1668 (CCT1CPU)\n- MAC-6400\n-\u00a0CXS-0424\nThese products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.",
  "id": "GHSA-74x7-73gr-c646",
  "modified": "2026-05-27T15:33:11Z",
  "published": "2026-05-27T15:33:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35087"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/posts/2026/05/CVE-2026-35087"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-75G9-H46F-FPXQ

Vulnerability from github – Published: 2023-07-31 15:30 – Updated: 2024-03-21 03:35
VLAI
Details

** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-31T14:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
  "id": "GHSA-75g9-h46f-fpxq",
  "modified": "2024-03-21T03:35:36Z",
  "published": "2023-07-31T15:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36091"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com/en/security-bulletin"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com/en/support"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75VJ-36GH-8X22

Vulnerability from github – Published: 2023-06-07 03:30 – Updated: 2024-04-04 04:37
VLAI
Details

The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36724"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-07T02:15:12Z",
    "severity": "CRITICAL"
  },
  "details": "The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges.",
  "id": "GHSA-75vj-36gh-8x22",
  "modified": "2024-04-04T04:37:54Z",
  "published": "2023-06-07T03:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36724"
    },
    {
      "type": "WEB",
      "url": "https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/2234193/wordable/trunk/wordable.php"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be1ab218-37bd-407a-8cb9-66f761849c21?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.