CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288
CVE-2021-33700 HIGH
SAP Business One <10.0 - Auth Bypass
CVSS 7.8
CVE-2021-32967 CRITICAL
Delta Electronics DIAEnergie <1.7.5 - Privilege Escalation
CVSS 9.8
CVE-2021-28131 HIGH
Apache Impala < 4.0.0 - Authenticated Session Hijacking via Logged Session Secrets
CVSS 7.5
CVE-2020-37156 MEDIUM
BloodX 1.0 - Unauthenticated Authentication Bypass via Crafted Payload in login.php
CVSS 6.5
CVE-2020-36724 CRITICAL
Wordable plugin <3.1.1 - Auth Bypass
CVSS 9.8
CVE-2020-36713 CRITICAL
MStore API < 2.1.5 - Unauthenticated Authentication Bypass via Unrestricted Register and Update User Profile Routes
CVSS 9.8
CVE-2020-27866 HIGH
NETGEAR Multiple Routers Firmware - Unauthenticated Authentication Bypass via mini_httpd
CVSS 8.8
CVE-2020-27865 HIGH
D-Link DAP-1860 Firmware < 1.04b03 - Unauthenticated Remote Code Execution via uhttpd String Matching Flaw
CVSS 8.8
CVE-2020-27863 MEDIUM
D-Link DVA-2800 and DSL-2888A - Unauthenticated Sensitive Information Disclosure via dhttpd Service
CVSS 6.5
CVE-2020-13185 MEDIUM
Teradici Cloud Access Connector <18 - Auth Bypass
CVSS 6.5
CVE-2020-10048 MEDIUM
SIMATIC PCS 7 and WinCC < 7.5 SP2 - Improper Authentication via Insecure Password Verification
CVSS 5.5
CVE-2020-10148 CRITICAL KEV
SolarWinds Orion Platform 2019.4 HF 5, 2020.2, 2020.2 HF 1 - Unauthenticated API Authentication Bypass
CVSS 9.8
CVE-2020-17409 MEDIUM
NETGEAR R6120- WNR2020 - Info Disclosure
CVSS 6.5
CVE-2020-10283 CRITICAL
Micro Air Vehicle Link - Authentication Bypass via Version Negotiation Downgrade
CVSS 9.8
CVE-2020-5384 HIGH
RSA MFA Agent 2.0 - Unauthenticated Authentication Bypass via Alternate Path
CVSS 8.4
CVE-2020-15633 HIGH
D-Link DIR-867, DIR-878, DIR-882 <1.20B10_BETA - Auth Bypass
CVSS 8.8
CVE-2020-14485 CRITICAL
OpenClinic GA 5.09.02 and 5.89.05b - Improper Authentication
CVSS 9.8
CVE-2020-14477 LOW
Philips ClearVue 850/350 <3.2, CX50, Affiniti 70/50 <5.0, EPIQ 7 <5.0, Sparq <3.0.2, Xperius - Improper Authentication
CVSS 3.6
CVE-2020-4050 LOW
WordPress 3.7-5.4.1 - Arbitrary User Meta Field Injection via set-screen-option Filter Misuse
CVSS 3.5
CVE-2020-6091 CRITICAL
Epson EB-1470Ui Firmware MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303 - Authentication Bypass via HTTP Request
CVSS 9.1
CVE-2020-11005 MEDIUM
WindowsHello <1.0.4 - Info Disclosure
CVSS 5.1
CVE-2020-1637 HIGH
Juniper Junos OS on SRX Series Improper Authentication via IP Address Range Configuration
CVSS 7.2
CVE-2020-1618 MEDIUM
Juniper Junos OS Authentication Bypass via Console Port
CVSS 6.3
CVE-2019-5165 HIGH
Moxa AWK-3131A Firmware 1.13 - Authentication Bypass via Hostname Processing
CVSS 7.2
CVE-2019-9510 MEDIUM
Microsoft Windows 10 <1803 and Windows Server 2019 - Privilege Esca...
CVSS 5.3