CWE-288
Authentication Bypass Using an Alternate Path or Channel
Incomplete
2006-07-19 00:00 +00:00
2023-10-26 00:00 +00:00
Alerte pour un CWE
Stay informed of any changes for a specific CWE.
Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
Informations
Modes Of Introduction
Architecture and Design : COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic.Architecture and Design : This is often seen in web applications that assume that access to a particular CGI program can only be obtained through a "front" screen, when the supporting programs are directly accessible. But this problem is not just in web apps.
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Access Control | Bypass Protection Mechanism |
Observed Examples
| Reference | Description |
|---|---|
| Router allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters. | |
| Attackers with physical access to the machine may bypass the password prompt by pressing the ESC (Escape) key. | |
| OS allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock. | |
| Direct request of installation file allows attacker to create administrator accounts. | |
| Attackers may gain additional privileges by directly requesting the web management URL. | |
| Bypass authentication via direct request to named pipe. | |
| User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing. |
Potential Mitigations
Phases : Architecture and DesignFunnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Related Attack Patterns
| CAPEC-ID | Attack Pattern Name |
|---|---|
| CAPEC-127 | Directory Indexing An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks. |
| CAPEC-665 | Exploitation of Thunderbolt Protection Flaws An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow. |
Notes
overlaps Unprotected Alternate ChannelSubmission
| Name | Organization | Date | Date Release | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Description, Modes_of_Introduction, Name, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings, Type | |
| CWE Content Team | MITRE | updated Observed_Examples | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Observed_Examples, Related_Attack_Patterns, Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns, Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Modes_of_Introduction, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes, Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples |
2024©
tesweb SA
