CWE-288
Authentication Bypass Using an Alternate Path or Channel
Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-127 · CAPEC-665
CVEs mapped to this weakness (336)
page 17 of 17| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49125 | — | 0.00 | — | 0.03 | Jun 16, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not… | ||
| CVE-2025-47941 | 0.00 | — | 0.00 | May 20, 2025 | TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient… | |||
| CVE-2024-56325 | — | 0.00 | — | 0.78 | Apr 1, 2025 | Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",… | ||
| CVE-2025-31694 | 0.00 | — | 0.00 | Mar 31, 2025 | Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0. | |||
| CVE-2024-10081 | 0.00 | — | 0.40 | Nov 6, 2024 | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication.… | |||
| CVE-2024-36042 | 0.00 | — | 0.01 | Jun 3, 2024 | Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access. | |||
| CVE-2024-21491 | — | 0.00 | — | 0.00 | Feb 13, 2024 | Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches… | ||
| CVE-2015-8314 | — | 0.00 | — | 0.01 | Dec 12, 2023 | The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. | ||
| CVE-2023-1260 | 0.00 | — | 0.02 | Sep 24, 2023 | An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a… | |||
| CVE-2022-36093 | 0.00 | — | 0.01 | Sep 8, 2022 | XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification.… | |||
| CVE-2022-31022 | 0.00 | — | 0.00 | Jun 1, 2022 | Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP… | |||
| CVE-2020-26136 | — | 0.00 | — | 0.01 | Jun 8, 2021 | In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication. | ||
| CVE-2020-11005 | 0.00 | — | 0.00 | Apr 14, 2020 | The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a… | |||
| CVE-2018-20321 | 0.00 | — | 0.02 | Apr 10, 2019 | An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated… | |||
| CVE-2012-2356 | 0.00 | — | 0.01 | Jul 21, 2012 | The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. | |||
| CVE-2010-3700 | 0.00 | — | 0.02 | Oct 29, 2010 | VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter. |
- CVE-2025-49125Jun 16, 2025risk 0.00cvss —epss 0.03
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not…
- CVE-2025-47941May 20, 2025risk 0.00cvss —epss 0.00
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient…
- CVE-2024-56325Apr 1, 2025risk 0.00cvss —epss 0.78
Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",…
- CVE-2025-31694Mar 31, 2025risk 0.00cvss —epss 0.00
Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.
- CVE-2024-10081Nov 6, 2024risk 0.00cvss —epss 0.40
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication.…
- CVE-2024-36042Jun 3, 2024risk 0.00cvss —epss 0.01
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
- CVE-2024-21491Feb 13, 2024risk 0.00cvss —epss 0.00
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches…
- CVE-2015-8314Dec 12, 2023risk 0.00cvss —epss 0.01
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
- CVE-2023-1260Sep 24, 2023risk 0.00cvss —epss 0.02
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a…
- CVE-2022-36093Sep 8, 2022risk 0.00cvss —epss 0.01
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification.…
- CVE-2022-31022Jun 1, 2022risk 0.00cvss —epss 0.00
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP…
- CVE-2020-26136Jun 8, 2021risk 0.00cvss —epss 0.01
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
- CVE-2020-11005Apr 14, 2020risk 0.00cvss —epss 0.00
The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a…
- CVE-2018-20321Apr 10, 2019risk 0.00cvss —epss 0.02
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated…
- CVE-2012-2356Jul 21, 2012risk 0.00cvss —epss 0.01
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.
- CVE-2010-3700Oct 29, 2010risk 0.00cvss —epss 0.02
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.