Read Time:1 Minute, 9 Second
Description
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
CWE-287
CWE-284
CWE-420
CWE-425
Consequences
Access Control: Bypass Protection Mechanism
Potential Mitigations
Phase: Architecture and Design
Description:
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CVE References
- CVE-2000-1179
- Router allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
- CVE-1999-1454
- Attackers with physical access to the machine may bypass the password prompt by pressing the ESC (Escape) key.
- CVE-1999-1077
- OS allows local attackers to bypass the password protection of idled sessions via the programmer’s switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
- CVE-2003-0304
- Direct request of installation file allows attacker to create administrator accounts.
- CVE-2002-0870
- Attackers may gain additional privileges by directly requesting the web management URL.
- CVE-2002-0066
- Bypass authentication via direct request to named pipe.
- CVE-2003-1035
- User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.