CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288
CVE-2023-41256 CRITICAL
Doverfuelingsolutions Maglink LX Web Console Configuration - Authentication Bypass
CVSS 9.1
CVE-2023-20269 MEDIUM KEV
Cisco Adaptive Security Appliance Software - Authentication Bypass via Default Connection Profile
CVSS 5.0
CVE-2023-3162 CRITICAL
Stripe Payment Plugin for WooCommerce <3.7.7 - Auth Bypass
CVSS 9.8
CVE-2023-32002 CRITICAL
Node.js 16.0.0-16.20.1 - Policy Mechanism Bypass via Module._load()
CVSS 9.8
CVE-2023-3249 CRITICAL
Web3 - Crypto wallet Login & NFT token gating <= 2.6.0 - Authenticated Authentication Bypass via Hidden Form Data
CVSS 9.8
CVE-2023-2834 CRITICAL
BookIt WordPress <2.3.7 - Auth Bypass
CVSS 9.8
CVE-2023-30946 LOW
palantir/foundry_issues < 2.497.0 - Unauthenticated Metadata Exposure via Notification API
CVSS 3.5
CVE-2023-2982 CRITICAL
WordPress Social Login and Register <= 7.6.4 - Authentication Bypass via Insufficient Encryption
CVSS 9.8
CVE-2023-34335 HIGH
AMI MegaRAC SPX 12.0-12.7 - Unauthenticated SPI Flash Write via IPMI Handler
CVSS 7.7
CVE-2023-2986 CRITICAL
Abandoned Cart Lite for WooCommerce <= 5.14.2 - Unauthenticated Authentication Bypass via Insufficient Encryption
CVSS 9.8
CVE-2023-2546 HIGH
WP User Switch <= 1.0.2 - Authenticated Authentication Bypass via wpus_who_switch Cookie
CVSS 8.8
CVE-2023-2781 HIGH
User Email Verification for WooCommerce <= 3.5.0 - Unauthenticated Authentication Bypass via Email Verification Token
CVSS 8.1
CVE-2023-2734 CRITICAL
MStore API < 3.9.1 - Unauthenticated Authentication Bypass via Cart Sync REST API
CVSS 9.8
CVE-2023-2733 CRITICAL
MStore API < 3.9.0 - Unauthenticated Authentication Bypass via Coupon Redemption REST API
CVSS 9.8
CVE-2023-2732 CRITICAL
MStore API < 3.9.2 - Unauthenticated Authentication Bypass via Listing REST API
CVSS 9.8
CVE-2023-2704 CRITICAL
BP Social Connect <= 1.5 - Unauthenticated Authentication Bypass via Facebook Login
CVSS 9.8
CVE-2023-20003 MEDIUM
Cisco Business Wireless APs - Auth Bypass
CVSS 4.7
CVE-2023-2499 CRITICAL
RegistrationMagic < 5.2.1.0 - Unauthenticated Authentication Bypass via Google Social Login
CVSS 9.8
CVE-2023-31152 MEDIUM
Schweitzer Engineering Laboratories SEL RTAC - Auth Bypass
CVSS 4.0
CVE-2023-21098 HIGH
Android - Local Privilege Escalation
CVSS 7.8
CVE-2023-2027 CRITICAL
ZM Ajax Login & Register < 2.0.2 - Unauthenticated Authentication Bypass via Facebook Login
CVSS 9.8
CVE-2023-23503 MEDIUM
iPadOS < 15.7.3 - Privacy Preferences Bypass via Logic Issue
CVSS 5.5
CVE-2023-20018 HIGH
Cisco IP Phone <7800-8800 - Auth Bypass
CVSS 8.6
CVE-2023-22495 CRITICAL
maif izanami < 1.11.0 - Authentication Bypass via Hardcoded JWT Secret
CVSS 9.8
CVE-2022-25369 CRITICAL
Dynamicweb < 9.12.8 - Unauthenticated Administrator User Creation and Remote Code Execution
CVSS 9.8