CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288
CVE-2019-5486 HIGH
GitLab <12.3.2, <12.2.6, and <12.1.10 - Authentication Bypass via Salesforce Login Integration
CVSS 8.8
CVE-2019-18250 CRITICAL
ABB Plant Connect and Power Generation Information Manager - Authentication Bypass
CVSS 9.8
CVE-2019-3758 CRITICAL
RSA Archer < 6.6.0.2 - Unauthenticated Authentication Bypass via Weak Password Requirements
CVSS 9.8
CVE-2019-5473 HIGH
GitLab - Authentication Bypass via Email Verification
CVSS 7.2
CVE-2019-13526 HIGH
Datalogic AV7000 Firmware < 4.6.0.0 - Authentication Bypass
CVSS 8.8
CVE-2019-5455 MEDIUM
Nextcloud Android app 3.6.0 - Improper Authentication via Multi-Account Creation Abort
CVSS 6.8
CVE-2019-5453 MEDIUM
Nextcloud Android App < 3.3.0 - Authentication Bypass via File Provider Switch
CVSS 6.1
CVE-2019-5451 MEDIUM
Nextcloud Android App < 3.6.1 - Unauthenticated Lock Protection Bypass
CVSS 4.6
CVE-2019-6551 HIGH
Pangea Communications Internet FAX ATA <3.1.8 - Auth Bypass
CVSS 7.5
CVE-2018-19000 MEDIUM
LCDS Laquis SCADA < 4.1.0.4150 - Authentication Bypass
CVSS 5.3
CVE-2018-17918 CRITICAL
Circontrol CirCarLife < 4.3.1 - Authentication Bypass via Specific Page URL
CVSS 9.8
CVE-2018-8859 CRITICAL
Echelon SmartServer <4.11.007, i.LON 100 - Auth Bypass
CVSS 9.8
CVE-2018-5386 HIGH
Navarino Infinity <2.2 - Info Disclosure
CVSS 7.5
CVE-2018-4852 CRITICAL
SICLOCK TC100 and TC400 - Authentication Bypass via Device-Specific Knowledge
CVSS 9.8
CVE-2018-10841 HIGH
glusterfs < 4.1.8 - Authenticated Privilege Escalation via Trusted Storage Pool Manipulation
CVSS 8.8
CVE-2017-9944 CRITICAL
Siemens 7KT PAC1200 Data Manager < V2.03 - Unauthenticated Privilege Escalation via Web Server
CVSS 9.8
CVE-2017-6871 MEDIUM
Siemens SIMATIC WinCC Sm@rtClient - Auth Bypass
CVSS 5.4
CVE-2017-5174 CRITICAL
Geutebruck IP Camera G-Cam/EFD-2250 <1.11.0.12 - Auth Bypass
CVSS 9.8
CVE-2016-9497 HIGH
Hughes HN7740S DW7000 HN7000S/SM Firmware - Unauthenticated Authentication Bypass via Telnet Port 1953
CVSS 8.8