CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
GHSA-P9FM-H38H-99QW
Vulnerability from github – Published: 2024-08-27 09:30 – Updated: 2024-08-27 09:30The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.
{
"affected": [],
"aliases": [
"CVE-2024-41173"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-27T08:15:04Z",
"severity": "HIGH"
},
"details": "The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.",
"id": "GHSA-p9fm-h38h-99qw",
"modified": "2024-08-27T09:30:44Z",
"published": "2024-08-27T09:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41173"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2024-045"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P9RC-826C-7QH4
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
{
"affected": [],
"aliases": [
"CVE-2026-42629"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T13:20:40Z",
"severity": "HIGH"
},
"details": "Unauthenticated Broken Authentication in PowerPack Pro for Elementor \u003c v2.13.0 versions.",
"id": "GHSA-p9rc-826c-7qh4",
"modified": "2026-06-17T18:35:50Z",
"published": "2026-06-17T18:35:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42629"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/powerpack-elements/vulnerability/wordpress-powerpack-pro-for-elementor-plugin-v2-13-0-broken-authentication-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P9VX-XF7X-8HP9
Vulnerability from github – Published: 2025-04-29 03:30 – Updated: 2025-04-29 15:31An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.
{
"affected": [],
"aliases": [
"CVE-2025-24206"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-29T03:15:34Z",
"severity": "HIGH"
},
"details": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.",
"id": "GHSA-p9vx-xf7x-8hp9",
"modified": "2025-04-29T15:31:50Z",
"published": "2025-04-29T03:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24206"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122371"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122372"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122373"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122374"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122375"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122377"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122378"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PFPM-CP34-HH83
Vulnerability from github – Published: 2025-06-09 18:32 – Updated: 2026-04-01 18:35Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager allows Authentication Abuse. This issue affects Password Policy Manager: from n/a through 2.0.4.
{
"affected": [],
"aliases": [
"CVE-2025-31019"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-09T16:15:36Z",
"severity": "HIGH"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager allows Authentication Abuse. This issue affects Password Policy Manager: from n/a through 2.0.4.",
"id": "GHSA-pfpm-cp34-hh83",
"modified": "2026-04-01T18:35:24Z",
"published": "2025-06-09T18:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31019"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/password-policy-manager/vulnerability/wordpress-password-policy-manager-plugin-2-0-4-account-takeover-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PH9V-QVXR-MH9X
Vulnerability from github – Published: 2025-08-20 15:31 – Updated: 2025-11-03 21:34An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-27129"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-20T14:15:42Z",
"severity": "CRITICAL"
},
"details": "An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability.",
"id": "GHSA-ph9v-qvxr-mh9x",
"modified": "2025-11-03T21:34:22Z",
"published": "2025-08-20T15:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27129"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2165"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2165"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PHP2-3GV6-62RW
Vulnerability from github – Published: 2023-09-14 15:31 – Updated: 2024-04-04 07:40A remote authentication bypass issue exists in some OneView APIs.
{
"affected": [],
"aliases": [
"CVE-2023-30909"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-294"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-14T15:15:08Z",
"severity": "CRITICAL"
},
"details": "A remote authentication bypass issue exists in some\nOneView APIs.\n\n\n\n\n\n\n\n",
"id": "GHSA-php2-3gv6-62rw",
"modified": "2024-04-04T07:40:20Z",
"published": "2023-09-14T15:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30909"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04538en_us"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJRR-5QR2-GXW3
Vulnerability from github – Published: 2025-10-11 00:30 – Updated: 2025-10-15 15:30Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8.
{
"affected": [],
"aliases": [
"CVE-2025-8093"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-10T23:15:36Z",
"severity": "HIGH"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8.",
"id": "GHSA-pjrr-5qr2-gxw3",
"modified": "2025-10-15T15:30:27Z",
"published": "2025-10-11T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8093"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2025-098"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQ6P-FC96-WC5W
Vulnerability from github – Published: 2023-10-26 21:30 – Updated: 2025-10-22 00:32Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
{
"affected": [],
"aliases": [
"CVE-2023-46747"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-26T21:15:08Z",
"severity": "CRITICAL"
},
"details": "Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
"id": "GHSA-pq6p-fc96-wc5w",
"modified": "2025-10-22T00:32:52Z",
"published": "2023-10-26T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46747"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000137353"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46747"
},
{
"type": "WEB",
"url": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQ8M-GWQP-G9XV
Vulnerability from github – Published: 2025-01-10 21:31 – Updated: 2025-01-10 21:31NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild since at least 2017.
{
"affected": [],
"aliases": [
"CVE-2024-12847"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-306",
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-10T20:15:30Z",
"severity": "CRITICAL"
},
"details": "NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild since at least 2017.",
"id": "GHSA-pq8m-gwqp-g9xv",
"modified": "2025-01-10T21:31:27Z",
"published": "2025-01-10T21:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12847"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2013/Jun/8"
},
{
"type": "WEB",
"url": "https://vulncheck.com/advisories/netgear-dgn"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/25978"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/43055"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQ9M-6WC9-H4HJ
Vulnerability from github – Published: 2024-11-13 12:32 – Updated: 2024-11-13 12:32The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2.
{
"affected": [],
"aliases": [
"CVE-2024-11028"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-13T10:15:04Z",
"severity": "CRITICAL"
},
"details": "The MultiManager WP \u2013 Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2.",
"id": "GHSA-pq9m-6wc9-h4hj",
"modified": "2024-11-13T12:32:12Z",
"published": "2024-11-13T12:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11028"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3184657/multimanager-wp"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3184678/multimanager-wp"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3184826/multimanager-wp"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de8e7adc-3777-4fb1-a708-68da950e3d4f?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.