CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Description

A product requires authentication, but the product has an alternate path or channel that does not require authentication. The weakness is introduced during Architecture and Design stage.

Latest vulnerabilities for CWE-288

Multiple vulnerabilities in Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool 2025-03-24
High Yes

Authentication bypass using an alternate path or channel in WP Real Estate Manager plugin for WordPress 2025-03-07
High No

Multiple vulnerabilities in Hitachi Vantara Pentaho Business Analytics Server 2025-03-04
Critical Yes Public exploit

Multiple vulnerabilities in Century Systems FutureNet AS series and FA series 2025-02-28
High Yes

Authentication bypass using an alternate path or channel in RoboForm Password Manager App for Android 2025-02-21
Low Yes

Multiple vulnerabilities in Elber Communications Equipment 2025-02-07
High No

Multiple vulnerabilities in Hitachi Energy FOXMAN-UN and UNEM 2025-01-17
High Yes

Authentication bypass in FortiOS and FortiProxy 2025-01-14
Critical Yes Zero Day Public exploit

Multiple vulnerabilities in Ivanti Cloud Services Application (CSA) 2024-12-11
High Yes

Multiple vulnerabilities in IBM Cognos Controller 2024-12-06
High Yes Public exploit

References

Description of CWE-288 on Mitre website