CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1073 vulnerabilities reference this CWE, most recent first.
GHSA-H5J3-5X63-P8JV
Vulnerability from github – Published: 2022-09-16 17:05 – Updated: 2022-09-16 17:05Impact
By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially giving the attacker access to the wiki. Depending on the configured default rights of users, this could also give attackers write access to an otherwise read-only public wiki. Users can also be created when an external authentication system like LDAP is configured, but authentication fails unless the authentication system supports a bypass/local accounts are enabled in addition to the external authentication system.
Patches
This issue has been patched in XWiki 13.10.5 and 14.3RC1.
Workarounds
It is possible to replace xpart.vm, the entry point for this attack, by a patched version from the patch without updating XWiki.
References
- https://jira.xwiki.org/browse/XWIKI-19558
For more information
If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-web-templates"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.10.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-web"
},
"ranges": [
{
"events": [
{
"introduced": "8.0-rc-1"
},
{
"fixed": "13.10.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-web-templates"
},
"ranges": [
{
"events": [
{
"introduced": "14.0"
},
{
"fixed": "14.3-rc-1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-web"
},
"ranges": [
{
"events": [
{
"introduced": "14.0"
},
{
"fixed": "14.3-rc-1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-36093"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-288"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T17:05:55Z",
"nvd_published_at": "2022-09-08T18:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nBy passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially giving the attacker access to the wiki. Depending on the configured default rights of users, this could also give attackers write access to an otherwise read-only public wiki. Users can also be created when an external authentication system like LDAP is configured, but authentication fails unless the authentication system supports a bypass/local accounts are enabled in addition to the external authentication system.\n\n### Patches\nThis issue has been patched in XWiki 13.10.5 and 14.3RC1.\n\n### Workarounds\nIt is possible to replace `xpart.vm`, the entry point for this attack, by a patched version from the [patch](https://github.com/xwiki/xwiki-platform/commit/70c64c23f4404f33289458df2a08f7c4be022755) without updating XWiki.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-19558\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)\n",
"id": "GHSA-h5j3-5x63-p8jv",
"modified": "2022-09-16T17:05:55Z",
"published": "2022-09-16T17:05:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h5j3-5x63-p8jv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36093"
},
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/commit/70c64c23f4404f33289458df2a08f7c4be022755"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-19558"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard"
}
GHSA-H5XV-5CPX-PF45
Vulnerability from github – Published: 2025-03-25 15:31 – Updated: 2025-03-25 15:31VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.
{
"affected": [],
"aliases": [
"CVE-2025-22230"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-25T14:15:28Z",
"severity": "HIGH"
},
"details": "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control.\u00a0A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.",
"id": "GHSA-h5xv-5cpx-pf45",
"modified": "2025-03-25T15:31:29Z",
"published": "2025-03-25T15:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22230"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H6QG-7FQ8-GW5H
Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-09-17 15:30This vulnerability affects Firefox < 143 and Thunderbird < 143.
{
"affected": [],
"aliases": [
"CVE-2025-10531"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T13:15:46Z",
"severity": "MODERATE"
},
"details": "This vulnerability affects Firefox \u003c 143 and Thunderbird \u003c 143.",
"id": "GHSA-h6qg-7fq8-gw5h",
"modified": "2025-09-17T15:30:28Z",
"published": "2025-09-16T15:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10531"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1978453"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2025-73"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2025-77"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H886-6WVM-63QX
Vulnerability from github – Published: 2026-02-20 18:31 – Updated: 2026-02-26 00:31Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7.
{
"affected": [],
"aliases": [
"CVE-2025-67998"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-20T16:22:06Z",
"severity": "HIGH"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through \u003c= 2.0.7.",
"id": "GHSA-h886-6wvm-63qx",
"modified": "2026-02-26T00:31:23Z",
"published": "2026-02-20T18:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67998"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/miraculous-el/vulnerability/wordpress-miraculous-elementor-plugin-2-0-7-broken-authentication-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H8MC-VJ52-4VXX
Vulnerability from github – Published: 2025-11-19 00:31 – Updated: 2025-11-19 15:31The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.
{
"affected": [],
"aliases": [
"CVE-2025-63217"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-18T22:15:51Z",
"severity": "CRITICAL"
},
"details": "The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.",
"id": "GHSA-h8mc-vj52-4vxx",
"modified": "2025-11-19T15:31:38Z",
"published": "2025-11-19T00:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63217"
},
{
"type": "WEB",
"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63217%20_%20Itel%20DAB%20MUX%20Authentication%20Bypass"
},
{
"type": "WEB",
"url": "https://www.itel.it"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H8QQ-2M4G-FP6F
Vulnerability from github – Published: 2023-02-27 21:30 – Updated: 2023-03-08 21:30A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.
{
"affected": [],
"aliases": [
"CVE-2023-23503"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-27T20:15:00Z",
"severity": "MODERATE"
},
"details": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.",
"id": "GHSA-h8qq-2m4g-fp6f",
"modified": "2023-03-08T21:30:23Z",
"published": "2023-02-27T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23503"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213598"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213599"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213601"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213605"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213606"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H8VR-Q495-8MWJ
Vulnerability from github – Published: 2025-05-14 18:30 – Updated: 2025-05-19 15:30Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
{
"affected": [],
"aliases": [
"CVE-2025-47710"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-14T17:15:50Z",
"severity": "HIGH"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.",
"id": "GHSA-h8vr-q495-8mwj",
"modified": "2025-05-19T15:30:39Z",
"published": "2025-05-14T18:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47710"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2025-056"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H9X6-QCR3-MF95
Vulnerability from github – Published: 2024-10-25 06:30 – Updated: 2024-10-25 06:30The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
{
"affected": [],
"aliases": [
"CVE-2024-9488"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-25T06:15:13Z",
"severity": "CRITICAL"
},
"details": "The Comments \u2013 wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.",
"id": "GHSA-h9x6-qcr3-mf95",
"modified": "2024-10-25T06:30:33Z",
"published": "2024-10-25T06:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9488"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wpdiscuz/trunk/forms/wpdFormAttr/Login/SocialLogin.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3164486"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b71706a7-e101-4d50-a2da-1aeeaf07cf4b?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H9XX-632F-3WF6
Vulnerability from github – Published: 2024-12-13 15:30 – Updated: 2026-04-01 18:32Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia allows Authentication Bypass.This issue affects Projectopia: from n/a through 5.1.7.
{
"affected": [],
"aliases": [
"CVE-2024-54336"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-13T15:15:40Z",
"severity": "HIGH"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia allows Authentication Bypass.This issue affects Projectopia: from n/a through 5.1.7.",
"id": "GHSA-h9xx-632f-3wf6",
"modified": "2026-04-01T18:32:46Z",
"published": "2024-12-13T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54336"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/projectopia-core/vulnerability/wordpress-projectopia-plugin-5-1-7-account-takeover-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HF6C-FGP3-JFCH
Vulnerability from github – Published: 2025-04-01 00:30 – Updated: 2025-04-29 20:25Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "drupal/tfa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-31694"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-02T17:15:20Z",
"nvd_published_at": "2025-03-31T22:15:22Z",
"severity": "HIGH"
},
"details": "Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.",
"id": "GHSA-hf6c-fgp3-jfch",
"modified": "2025-04-29T20:25:54Z",
"published": "2025-04-01T00:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31694"
},
{
"type": "PACKAGE",
"url": "https://git.drupalcode.org/project/tfa"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2025-023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Drupal Two-factor Authentication (TFA) Vulnerable to Forceful Browsing"
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.