Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

GHSA-XHW2-XHMJ-QMW7

Vulnerability from github – Published: 2026-03-12 00:31 – Updated: 2026-03-16 15:30
VLAI
Details

Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3930"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-11T22:16:35Z",
    "severity": "MODERATE"
  },
  "details": "Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)",
  "id": "GHSA-xhw2-xhmj-qmw7",
  "modified": "2026-03-16T15:30:34Z",
  "published": "2026-03-12T00:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3930"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/476898368"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJG4-367C-227H

Vulnerability from github – Published: 2024-12-13 15:30 – Updated: 2026-04-01 18:32
VLAI
Details

Authentication Bypass Using an Alternate Path or Channel vulnerability in appgenixinfotech Firebase OTP Authentication allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through 1.0.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-54294"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-13T15:15:33Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in appgenixinfotech Firebase OTP Authentication allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through 1.0.1.",
  "id": "GHSA-xjg4-367c-227h",
  "modified": "2026-04-01T18:32:43Z",
  "published": "2024-12-13T15:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54294"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/authentication-via-otp-using-firebase/vulnerability/wordpress-firebase-otp-authentication-plugin-1-0-1-account-takeover-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJHW-GQ27-XGJR

Vulnerability from github – Published: 2025-03-03 09:30 – Updated: 2025-03-03 09:30
VLAI
Details

Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24846"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-03T09:15:39Z",
    "severity": "HIGH"
  },
  "details": "Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request.",
  "id": "GHSA-xjhw-gq27-xgjr",
  "modified": "2025-03-03T09:30:35Z",
  "published": "2025-03-03T09:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24846"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU96398949"
    },
    {
      "type": "WEB",
      "url": "https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XM4X-3R5H-VWFR

Vulnerability from github – Published: 2026-01-06 09:30 – Updated: 2026-01-06 09:30
VLAI
Details

Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21411"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-06T07:15:43Z",
    "severity": "HIGH"
  },
  "details": "Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.",
  "id": "GHSA-xm4x-3r5h-vwfr",
  "modified": "2026-01-06T09:30:28Z",
  "published": "2026-01-06T09:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21411"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU97172240"
    },
    {
      "type": "WEB",
      "url": "https://www.plathome.co.jp/support/software/fw5/dx1-v5-0-8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XM8P-WGJH-PFXF

Vulnerability from github – Published: 2026-02-26 03:31 – Updated: 2026-02-26 03:31
VLAI
Details

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1779"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-26T03:16:03Z",
    "severity": "HIGH"
  },
  "details": "The User Registration \u0026 Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the \u0027register_member\u0027 function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the \u0027urm_user_just_created\u0027 user meta set.",
  "id": "GHSA-xm8p-wgjh-pfxf",
  "modified": "2026-02-26T03:31:18Z",
  "published": "2026-02-26T03:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1779"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/5.0.4/modules/membership/includes/AJAX.php#L246"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d99bc021-ba9e-4294-8dd2-c25bc8007d05?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XP67-RFWJ-P4W6

Vulnerability from github – Published: 2025-05-30 12:31 – Updated: 2025-05-30 12:31
VLAI
Details

The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the 'IS_BA_Browse_As::notice' function with the 'is_ba_original_user_COOKIEHASH' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-30T12:15:21Z",
    "severity": "HIGH"
  },
  "details": "The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the \u0027IS_BA_Browse_As::notice\u0027 function with the \u0027is_ba_original_user_COOKIEHASH\u0027 cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id.",
  "id": "GHSA-xp67-rfwj-p4w6",
  "modified": "2025-05-30T12:31:26Z",
  "published": "2025-05-30T12:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5190"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/browse-as/tags/0.2/browse-as.php#L115"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/browse-as/tags/0.2/browse-as.php#L92"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f5722b0-0d54-4c44-b168-a886da1077cb?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XQC5-RP7M-624Q

Vulnerability from github – Published: 2026-01-28 21:31 – Updated: 2026-01-29 21:30
VLAI
Details

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.This issue affects Disable Login Page: from 0.0.0 before 1.1.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13986"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-28T20:16:08Z",
    "severity": "HIGH"
  },
  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.This issue affects Disable Login Page: from 0.0.0 before 1.1.3.",
  "id": "GHSA-xqc5-rp7m-624q",
  "modified": "2026-01-29T21:30:30Z",
  "published": "2026-01-28T21:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13986"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2025-124"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XQXH-XCX3-FFF7

Vulnerability from github – Published: 2025-08-11 18:31 – Updated: 2025-08-11 18:31
VLAI
Details

Improper Control of Generation of Code ('Code Injection') vulnerability in ABB ASPECT.This issue affects ASPECT: before <3.08.04-s01.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-11T18:15:33Z",
    "severity": "HIGH"
  },
  "details": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in ABB ASPECT.This issue affects ASPECT: before \u003c3.08.04-s01.",
  "id": "GHSA-xqxh-xcx3-fff7",
  "modified": "2025-08-11T18:31:09Z",
  "published": "2025-08-11T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53187"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A4462\u0026LanguageCode=en\u0026DocumentPartId=pdf\u0026Action=Launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XRHC-H3FX-54PC

Vulnerability from github – Published: 2024-11-15 12:31 – Updated: 2024-11-15 12:31
VLAI
Details

The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10311"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-15T10:15:03Z",
    "severity": "HIGH"
  },
  "details": "The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the \u0027edba_admin_handle\u0027 function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator.",
  "id": "GHSA-xrhc-h3fx-54pc",
  "modified": "2024-11-15T12:31:44Z",
  "published": "2024-11-15T12:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10311"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/external-database-based-actions/trunk/lib/edba-admin-ajax-controller.php?rev=1785239#L8"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d41a8c39-8b06-45b2-afe4-8c695faf8cb8?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XRQ6-2CHV-2C9R

Vulnerability from github – Published: 2022-02-19 00:01 – Updated: 2022-03-02 00:00
VLAI
Details

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24047"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-18T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618.",
  "id": "GHSA-xrq6-2chv-2c9r",
  "modified": "2022-03-02T00:00:40Z",
  "published": "2022-02-19T00:01:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24047"
    },
    {
      "type": "WEB",
      "url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-290"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.