CWE-288— Authentication Bypass Using an Alternate Path or Channel
509 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-288page 1 of 11
- CVE-2016-9497HIGHCVSS 8.8EG 8.82018-07-13
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authent…
- CVE-2018-10841HIGHCVSS 8.8EG 8.82018-06-20
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operati…
- CVE-2018-17918CRITICALCVSS 9.8EG 9.82018-11-02
Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.
- CVE-2018-19000MEDIUMCVSS 5.3EG 5.32019-02-05
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.
- CVE-2018-4852CRITICALCVSS 9.8EG 9.82018-07-03
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certa…
- CVE-2018-5386HIGHCVSS 7.5EG 7.52018-07-24
Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak.
- CVE-2018-8859CRITICALCVSS 9.8EG 9.82018-07-24
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file b…
- CVE-2019-13526HIGHCVSS 8.8EG 8.82019-08-30
Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code.
- CVE-2019-18250CRITICALCVSS 9.8EG 9.82019-11-26
In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from t…
- CVE-2019-3758CRITICALCVSS 9.8EG 9.82019-09-18
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized a…
- CVE-2019-5165HIGHCVSS 7.2EG 7.22020-02-25
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traff…
- CVE-2019-5451MEDIUMCVSS 4.6EG 4.62019-07-30
Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time.
- CVE-2019-5453MEDIUMCVSS 6.1EG 6.12019-07-30
Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider.
- CVE-2019-5455MEDIUMCVSS 6.8EG 6.82019-07-30
Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.
- CVE-2019-5473HIGHCVSS 7.2EG 7.22019-09-09
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.
- CVE-2019-5486HIGHCVSS 8.8EG 8.82019-12-18
A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verificat…
- CVE-2019-6551HIGHCVSS 7.5EG 7.52019-02-28
Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condi…
- CVE-2019-9510MEDIUMCVSS 5.3EG 5.32020-01-15
A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network…
- CVE-2020-10048MEDIUMCVSS 5.5EG 5.52021-02-09
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus b…
- CVE-2020-10148CRITICALCVSS 9.8EG 9.8⚠ KEV2020-12-29
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may res…
- CVE-2020-10283CRITICALCVSS 9.8EG 9.82020-08-20
The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOP…
- CVE-2020-11005MEDIUMCVSS 5.1EG 5.12020-04-14
The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used t…
- CVE-2020-13185MEDIUMCVSS 6.5EG 6.52021-02-11
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive…
- CVE-2020-14477LOWCVSS 3.6EG 4.42020-06-26
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may…
- CVE-2020-14485CRITICALCVSS 9.8EG 9.82020-07-20
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL que…
- CVE-2020-15633HIGHCVSS 8.8EG 8.82020-07-23
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerabilit…
- CVE-2020-1618MEDIUMCVSS 6.3EG 6.32020-04-08
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot a…
- CVE-2020-1637HIGHCVSS 7.2EG 7.22020-04-08
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured…
- CVE-2020-17409MEDIUMCVSS 6.5EG 6.52020-10-13
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not require…
- CVE-2020-27863MEDIUMCVSS 6.5EG 6.52021-02-12
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exis…
- CVE-2020-27865HIGHCVSS 8.8EG 8.82021-02-12
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific…
- CVE-2020-27866HIGHCVSS 8.8EG 9.02021-02-12
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 …
- CVE-2020-36713CRITICALCVSS 9.8EG 9.82023-06-07
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthent…
- CVE-2020-36724CRITICALCVSS 9.8EG 9.82023-06-07
The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose compari…
- CVE-2020-37156MEDIUMCVSS 6.5EG 6.52026-02-11
BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters t…
- CVE-2020-4050LOWCVSS 3.5EG 3.52020-06-12
In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be …
- CVE-2020-5384HIGHCVSS 8.4EG 8.42020-07-31
Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass…
- CVE-2020-6091CRITICALCVSS 9.1EG 9.12020-05-22
An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass res…
- CVE-2021-21952CRITICALCVSS 9.8EG 9.82021-12-22
An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges.
- CVE-2021-26634CRITICALCVSS 9.8EG 9.82022-06-02
SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attacker…
- CVE-2021-27453HIGHCVSS 7.3EG 7.32021-12-21
Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access.
- CVE-2021-28131HIGHCVSS 7.5EG 7.52021-07-22
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's se…
- CVE-2021-31559HIGHCVSS 7.5EG 7.52022-05-06
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPToke…
- CVE-2021-32958MEDIUMCVSS 5.5EG 5.52022-05-23
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate va…
- CVE-2021-32967CRITICALCVSS 9.8EG 9.82021-08-30
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.
- CVE-2021-32980CRITICALCVSS 9.8EG 9.82022-04-04
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active.
- CVE-2021-32984CRITICALCVSS 9.8EG 9.82022-04-04
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized use…
- CVE-2021-32986CRITICALCVSS 9.8EG 9.82022-04-04
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subseq…
- CVE-2021-33017HIGHCVSS 8.1EG 8.12021-12-27
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.
- CVE-2021-33700HIGHCVSS 7.8EG 7.82021-09-15
SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information w…
Map vulnerabilities like CWE-288 to your infrastructure
EchelonGraph correlates every CVE — across CWE-288 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →