CWE-288

Authentication Bypass Using an Alternate Path or Channel

Base

What it is

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Impact

Access Control: Bypass Protection Mechanism

Mitigations

  • [Architecture and Design] Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
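
The choke-point mitigation above, as an added example that is not from MITRE or from this page: a Python sketch in which the GUI and API channels both go through one dispatch() that authenticates and authorizes every access, next to a weak channel that skips it. All route names, tokens, users and handlers are constructed for illustration.

```python
# Added example: constructed routes, users and tokens; not from any real product.
SESSIONS = {"tok-alice": "alice", "tok-admin": "admin"}   # token -> user (constructed)
ROLES = {"alice": {"user"}, "admin": {"user", "admin"}}

def read_logs():
    return "system log contents"

def create_admin():
    return "administrator account created"

# One table: every resource and the role it requires. Nothing is public by default.
ROUTES = {
    "/logs": (read_logs, "admin"),
    "/install/setup": (create_admin, "admin"),
}

class Denied(Exception):
    pass

def dispatch(path, token):
    """Single choke point: authenticate, then authorize, then run the handler."""
    user = SESSIONS.get(token)
    if user is None:
        raise Denied("unauthenticated")
    entry = ROUTES.get(path)
    if entry is None:
        raise Denied("unknown resource")          # default deny
    handler, required_role = entry
    if required_role not in ROLES.get(user, set()):
        raise Denied("forbidden")
    return handler()

# Hardened channels: each one only translates its input and calls dispatch().
def web_gui(path, cookie):
    return dispatch(path, cookie)

def api(path, bearer):
    return dispatch(path, bearer)

# Weak channel (CWE-288): reaches the handler table without going through dispatch().
def api_weak(path, bearer=None):
    handler, _role = ROUTES[path]
    return handler()

def is_denied(channel, path, token):
    """True if the channel refuses the request, False if the handler ran."""
    try:
        channel(path, token)
        return False
    except Denied:
        return True
```

A regression test that calls every exposed channel with no credentials and expects a denial is a cheap way to catch a channel that stops routing through the choke point.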

Real-world CVE examples

  • CVE-2000-1179 — Router allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
  • CVE-1999-1454 — Attackers with physical access to the machine may bypass the password prompt by pressing the ESC (Escape) key.
  • CVE-1999-1077 — OS allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugg
  • CVE-2003-0304 — Direct request of installation file allows attacker to create administrator accounts.
  • CVE-2002-0870 — Attackers may gain additional privileges by directly requesting the web management URL.
  • CVE-2002-0066 — Bypass authentication via direct request to named pipe.
  • CVE-2003-1035 — User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.

Source: MITRE CWE (cwe.mitre.org).
