CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Description

A product requires authentication, but the product has an alternate path or channel that does not require authentication. The weakness is introduced during Architecture and Design stage.

Latest vulnerabilities for CWE-288

Multiple vulnerabilities in IBM Watson Machine Learning Accelerator on Cloud Pak for Data 2024-02-28
High Yes

Multiple vulnerabilities in ConnectWise ScreenConnect 2024-02-21
Critical Yes

Authentication bypass using an alternate path or channel in Nextcloud Global Site Selector 2024-01-19
High Yes

Authentication bypass using an alternate path or channel in Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d 2023-12-06
Low Yes

Multiple vulnerabilities in Red Lion Sixnet RTUs 2023-11-21
High Yes

Authentication bypass using an alternate path or channel in IBM Storage Ceph 2023-11-02
Low Yes

Authentication bypass in BIG-IP Configuration utility 2023-10-27
High Yes

Multiple vulnerabilities in FURUNO SYSTEMS wireless LAN access point devices 2023-10-03
Medium Yes

Multiple vulnerabilities in JetBrains TeamCity 2023-09-21
High Yes

Multiple vulnerabilities in Dover Fueling Solutions MAGLINK LX Console 2023-09-08
High Yes

References

Description of CWE-288 on Mitre website