BaseIncomplete
CWE-288Authentication Bypass Using an Alternate Path or Channel
Category: auth
Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common consequences· 1
- Access Control — Bypass Protection Mechanism
Potential mitigations· 1
- [Architecture and Design]Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Related CAPEC attack patterns· 2
References
Exploits (incoming)2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Directory Indexingcapec-127 | 100% | live |
| AttackPattern | Exploitation of Thunderbolt Protection Flawscapec-665 | 100% | live |
Compliance frameworks addressing this (incoming)4
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | pci_dss_v4-r8 | 100% | live |
| ComplianceControl | nis2-art21j | 100% | live |
| ComplianceControl | owasp_api_top10-api02 | 100% | live |
| ComplianceControl | iso27001-a.8.5 | 100% | live |
(incoming)144
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-0159cve-2025-0159 | 0% | live |
| Vulnerability | CVE-2025-0181cve-2025-0181 | 0% | live |
| Vulnerability | CVE-2025-0316cve-2025-0316 | 0% | live |
| Vulnerability | CVE-2025-0364cve-2025-0364 | 0% | live |
| Vulnerability | CVE-2025-0674cve-2025-0674 | 0% | live |
| Vulnerability | CVE-2025-0749cve-2025-0749 | 0% | live |
| Vulnerability | CVE-2025-10294cve-2025-10294 | 0% | live |
| Vulnerability | CVE-2025-10484cve-2025-10484 | 0% | live |
| Vulnerability | CVE-2025-10571cve-2025-10571 | 0% | live |
| Vulnerability | CVE-2025-1061cve-2025-1061 | 0% | live |
| Vulnerability | CVE-2025-10653cve-2025-10653 | 0% | live |
| Vulnerability | CVE-2025-11522cve-2025-11522 | 0% | live |
| Vulnerability | CVE-2025-11621cve-2025-11621 | 0% | live |
| Vulnerability | CVE-2025-1283cve-2025-1283 | 0% | live |
| Vulnerability | CVE-2025-13018cve-2025-13018 | 0% | live |
| Vulnerability | CVE-2025-1313cve-2025-1313 | 0% | live |
| Vulnerability | CVE-2025-1315cve-2025-1315 | 0% | live |
| Vulnerability | CVE-2025-13539cve-2025-13539 | 0% | live |
| Vulnerability | CVE-2025-15102cve-2025-15102 | 0% | live |
| Vulnerability | CVE-2025-1515cve-2025-1515 | 0% | live |
| Vulnerability | CVE-2025-1564cve-2025-1564 | 0% | live |
| Vulnerability | CVE-2025-1638cve-2025-1638 | 0% | live |
| Vulnerability | CVE-2025-1671cve-2025-1671 | 0% | live |
| Vulnerability | CVE-2025-1717cve-2025-1717 | 0% | live |
| Vulnerability | CVE-2025-1909cve-2025-1909 | 0% | live |
| Vulnerability | CVE-2025-21589cve-2025-21589 | 0% | live |
| Vulnerability | CVE-2025-22277cve-2025-22277 | 0% | live |
| Vulnerability | CVE-2025-22462cve-2025-22462 | 0% | live |
| Vulnerability | CVE-2025-23504cve-2025-23504 | 0% | live |
| Vulnerability | CVE-2025-24000cve-2025-24000 | 0% | live |
Showing top 30 of 144 by confidence. Click any target to see the full neighbourhood.
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.