CWE-288 – Authentication Bypass Using an Alternate Path or Channel

Description

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-287
CWE-284
CWE-420
CWE-425

Consequences

Access Control: Bypass Protection Mechanism

Potential Mitigations

Phase: Architecture and Design

Description: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
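A sketch of this mitigation, added here as an illustration and not part of the CWE entry: one dispatcher fronts every channel, and a handler cannot be registered without stating its required permission. The `Gateway` class, the `PUBLIC` sentinel, the route names and the session tokens are all hypothetical and constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable

PUBLIC = object()  # sentinel: a route must opt in to being unauthenticated


@dataclass(frozen=True)
class Route:
    handler: Callable[[], str]
    permission: object  # a permission name, or PUBLIC


class Gateway:
    """Single choke point: handlers are reachable only through dispatch()."""

    def __init__(self, sessions, grants):
        self._sessions = sessions  # session token -> user name
        self._grants = grants      # user name -> set of permission names
        self._routes = {}

    def register(self, channel, path, handler, *, permission):
        # 'permission' has no default, so a route cannot be left unprotected by omission.
        self._routes[(channel, path)] = Route(handler, permission)

    def dispatch(self, channel, path, token=None):
        route = self._routes.get((channel, path))
        if route is None:
            return 404, "not found"  # unregistered paths are denied by default
        if route.permission is not PUBLIC:
            user = self._sessions.get(token)
            if user is None:
                return 401, "authentication required"
            if route.permission not in self._grants.get(user, set()):
                return 403, "forbidden"
        return 200, route.handler()


def build_demo():
    # Constructed sample data: one privileged session, one ordinary session.
    gw = Gateway(sessions={"tok-admin": "alice", "tok-user": "bob"},
                 grants={"alice": {"logs.read"}, "bob": set()})
    read_logs = lambda: "log contents"
    # The same handler is exposed on two channels; both pass the same check.
    gw.register("web", "/admin/logs", read_logs, permission="logs.read")
    gw.register("api", "logs.get", read_logs, permission="logs.read")
    gw.register("web", "/login", lambda: "login form", permission=PUBLIC)
    return gw
```

Because the check lives in `dispatch()` and not in each handler, adding a second channel for the same resource cannot skip it.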

CVE References

  • CVE-2000-1179
    • Router allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
  • CVE-1999-1454
    • Attackers with physical access to the machine may bypass the password prompt by pressing the ESC (Escape) key.
  • CVE-1999-1077
    • OS allows local attackers to bypass the password protection of idled sessions via the programmer’s switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
  • CVE-2003-0304
    • Direct request of installation file allows attacker to create administrator accounts.
  • CVE-2002-0870
    • Attackers may gain additional privileges by directly requesting the web management URL.
  • CVE-2002-0066
    • Bypass authentication via direct request to named pipe.
  • CVE-2003-1035
    • User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.