CWE-288: Authentication Bypass Using an Alternate Path or Channel
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences
Scope: Access Control
Technical Impact: Bypass Protection Mechanism
Potential Mitigations
Phase: Architecture and Design
Description: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
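The choke-point mitigation, as an added example that is not part of the CWE entry: a minimal request router in which each handler does its own check (and the installer endpoint was never given one, the alternate path), beside a router that authenticates every request at one central point before dispatch. The paths, token value and handler names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Request:
    path: str
    token: Optional[str] = None   # constructed session token; "valid" means logged in

def is_authenticated(req: Request) -> bool:
    return req.token == "valid"

def login_screen(req: Request) -> str:
    return "login form"

def dashboard(req: Request) -> str:
    return "dashboard"

def install_create_admin(req: Request) -> str:
    return "admin account created"

# Weak design (CWE-288): every handler is responsible for its own check.
# The installer handler has none, so a direct request to it skips authentication.
def vulnerable_dispatch(req: Request) -> str:
    if req.path == "/login":
        return login_screen(req)
    if req.path == "/dashboard":
        if not is_authenticated(req):
            return "403 denied"
        return dashboard(req)
    if req.path == "/install.php":          # alternate path, no check at all
        return install_create_admin(req)
    return "404"

# Hardened design: a single choke point. Authentication runs once, before any
# handler, for every path that is not on an explicit allow-list of public routes.
PUBLIC_PATHS = {"/login"}
HANDLERS = {
    "/login": login_screen,
    "/dashboard": dashboard,
    "/install.php": install_create_admin,
}

def choke_point_dispatch(req: Request) -> str:
    handler = HANDLERS.get(req.path)
    if handler is None:
        return "404"
    if req.path not in PUBLIC_PATHS and not is_authenticated(req):
        return "403 denied"                 # denied before the handler is reached
    return handler(req)
```

Adding a new handler to HANDLERS without touching PUBLIC_PATHS makes it authenticated by default, which is the property the mitigation is after.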
Observed Examples
Reference: CVE-2000-1179
Router allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
Reference: CVE-1999-1454
Attackers with physical access to the machine may bypass the password prompt by pressing the ESC (Escape) key.
Reference: CVE-1999-1077
OS allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
Reference: CVE-2003-0304
Direct request of installation file allows attacker to create administrator accounts.
Reference: CVE-2002-0870
Attackers may gain additional privileges by directly requesting the web management URL.
Reference: CVE-2002-0066
Bypass authentication via direct request to named pipe.
Reference: CVE-2003-1035
User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic. |
| Architecture and Design | This is often seen in web applications that assume that access to a particular CGI program can only be obtained through a "front" screen, when the supporting programs are directly accessible. But this problem is not just in web apps. |
Applicable Platforms
Languages
Taxonomy Mappings
| Taxonomy Name | Node ID | Node Name | Mapping Fit |
|---|---|---|---|
| PLOVER | - | Authentication Bypass by Alternate Path/Channel | - |
| OWASP Top Ten 2007 | A10 | Failure to Restrict URL Access | CWE More Specific |