Authentication Bypass Using an Alternate Path or Channel

ID: 288
Date: created (C) 2012-05-14, modified (M) 2022-10-10
Type: weakness
Status: INCOMPLETE
Abstraction Type: Base

Description

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design

Related Attack Patterns

Common Consequences

Scope            | Technical Impact            | Notes
Access Control   | Bypass protection mechanism |

Detection Methods
None

Potential Mitigations

Phase: Architecture and Design
Strategy: (none given)
Description: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource. The check must sit in front of every channel that reaches the resource (GUI, API, direct URL, named pipe, local console), not only the primary login flow; a check that lives inside individual handlers is bypassed by whichever handler omits it.
Effectiveness: (none given)
Notes: (none given)


Relationships
Relationship notes: overlaps Unprotected Alternate Channel (CWE-420)

Related CWE | Type    | View                | Chain
CWE-288     | ChildOf | CWE-898 (Category)  | CWE-888

Demonstrative Examples
None

Observed Examples

  1. CVE-2000-1179 : Router allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
  2. CVE-1999-1454 : Attackers with physical access to the machine may bypass the password prompt by pressing the ESC (Escape) key.
  3. CVE-1999-1077 : OS allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
  4. CVE-2003-0304 : Direct request of installation file allows attacker to create administrator accounts.
  5. CVE-2002-0870 : Attackers may gain additional privileges by directly requesting the web management URL.
  6. CVE-2002-0066 : Bypass authentication via direct request to named pipe.
  7. CVE-2003-1035 : User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.

For more examples, refer to CVE relations in the bottom box.
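As an added example that is not part of the SecPod or MITRE entry, the following Python models the mitigation above and two of the observed examples: a leftover installer path reachable without a session (the shape of CVE-2003-0304) and a second login channel that skips the GUI's lockout counter (the shape of CVE-2003-1035), beside a version that funnels every request through one dispatch() choke point. All routes, user names, passwords and the lockout threshold are hypothetical.

```python
# Added example (not code from SecPod or MITRE). Toy request dispatcher showing
# CWE-288 in two shapes and the single-choke-point fix. Everything here
# (routes, users, passwords, threshold) is constructed for illustration.
from dataclasses import dataclass
from typing import Optional

USERS = {"alice": "correct horse"}   # hypothetical credential store
ADMINS = frozenset({"alice"})
LOCKOUT_THRESHOLD = 3


@dataclass
class Request:
    path: str
    session_user: Optional[str] = None  # None = no authenticated session
    form: Optional[dict] = None         # login form / API body


def create_admin(req: Request):
    return 200, "admin account created"   # privileged action


def show_dashboard(req: Request):
    return 200, f"dashboard for {req.session_user}"


class VulnerableApp:
    """Checks live inside individual handlers; a forgotten one is a bypass."""

    def __init__(self):
        self.failures: dict = {}

    def gui_login(self, req):
        user = req.form["user"]
        if self.failures.get(user, 0) >= LOCKOUT_THRESHOLD:
            return 423, "locked"
        if USERS.get(user) == req.form["password"]:
            self.failures[user] = 0
            return 200, "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return 401, "bad credentials"

    def api_login(self, req):
        # Alternate channel: same password check, but nobody wired in the
        # lockout counter, so guesses here are unlimited (cf. CVE-2003-1035).
        if USERS.get(req.form["user"]) == req.form["password"]:
            return 200, "ok"
        return 401, "bad credentials"

    def dispatch(self, req):
        if req.path == "/login":
            return self.gui_login(req)
        if req.path == "/api/v1/login":
            return self.api_login(req)
        if req.path == "/dashboard":
            if req.session_user is None:
                return 401, "login required"
            return show_dashboard(req)
        if req.path == "/install/setup":
            # Leftover installer reachable by direct request (cf. CVE-2003-0304).
            return create_admin(req)
        return 404, "not found"


class HardenedApp:
    """Every request funnels through dispatch(); policy is declared per route."""

    ROUTES = {
        "/dashboard": (show_dashboard, "user"),
        "/install/setup": (create_admin, "admin"),
    }

    def __init__(self):
        self.failures: dict = {}

    def authenticate(self, user, password):
        """The only code path that checks a password, whatever channel called it."""
        if self.failures.get(user, 0) >= LOCKOUT_THRESHOLD:
            return 423, "locked"
        if USERS.get(user) == password:
            self.failures[user] = 0
            return 200, "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return 401, "bad credentials"

    def dispatch(self, req):
        # Both login channels share authenticate(), so the lockout cannot be skipped.
        if req.path in ("/login", "/api/v1/login"):
            return self.authenticate(req.form["user"], req.form["password"])
        route = self.ROUTES.get(req.path)
        if route is None:
            return 404, "not found"
        handler, required = route
        # Choke point: the access decision is made here, never inside a handler.
        if req.session_user is None:
            return 401, "login required"
        if required == "admin" and req.session_user not in ADMINS:
            return 403, "forbidden"
        return handler(req)


def brute_force(app, channel, user, guesses):
    """Status code of each guess sent down one login channel (constructed input)."""
    return [app.dispatch(Request(channel, form={"user": user, "password": g}))[0]
            for g in guesses]
```

Run brute_force() with a few wrong guesses followed by the right password against both apps: the vulnerable API channel returns 200 on the correct guess after any number of failures, while both hardened channels return 423 once the shared counter reaches the threshold. Likewise an unauthenticated Request("/install/setup") gets 200 from VulnerableApp and 401 from HardenedApp.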

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy            | Id  | Name                                            | Fit
PLOVER              |     | Authentication Bypass by Alternate Path/Channel |
OWASP Top Ten 2007  | A10 | Failure to Restrict URL Access                  | CWE_More_Specific


References:
None

CVE relations (12):
SVE-002354
SVE-102354
SVE-102339
SVE-102338
...

© SecPod Technologies