BaseIncomplete

CWE-289Authentication Bypass by Alternate Name

Category: auth

Description

The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.

Common consequences· 1

  • Access Control — Bypass Protection Mechanism

Potential mitigations· 3

  • [Architecture and Design]Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names.
  • [Implementation]
  • [Implementation]Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

References

  1. https://cwe.mitre.org/data/definitions/289.html

(incoming)5

TypeTargetConfidenceTier
VulnerabilityCVE-2025-13613cve-2025-136130%live
VulnerabilityCVE-2025-29266cve-2025-292660%live
VulnerabilityCVE-2025-55130cve-2025-551300%live
VulnerabilityCVE-2026-24058cve-2026-240580%live
VulnerabilityCVE-2026-32036cve-2026-320360%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Weak Authentication
CWE
Obscured Security-relevant Information by Alternate Name
CWE
Improper Protection of Alternate Path
CWE
Authentication Bypass Using an Alternate Path or Channel
CWE
Use of Non-Canonical URL Paths for Authorization Decisions
CWE
Improper Access Control
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.