Authentication Bypass Using an Alternate Path or ChannelID: 288 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: INCOMPLETE |
Abstraction Type: Base |
Description
A product requires authentication, but the product has an
alternate path or channel that does not require authentication.
Applicable PlatformsLanguage Class: All
Time Of Introduction
Related Attack Patterns
Common Consequences
Scope | Technical Impact | Notes |
---|
Access_Control | Bypass protection
mechanism | |
Detection MethodsNone
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|
Architecture and Design | | Funnel all access through a single choke point to simplify how users
can access a resource. For every access, perform a check to determine if
the user has permissions to access the resource. | | |
Relationshipsoverlaps Unprotected Alternate Channel
Related CWE | Type | View | Chain |
---|
CWE-288 ChildOf CWE-898 | Category | CWE-888 | |
Demonstrative ExamplesNone
Observed Examples
- CVE-2000-1179 : Router allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
- CVE-1999-1454 : Attackers with physical access to the machine may bypass the password prompt by pressing the ESC (Escape) key.
- CVE-1999-1077 : OS allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
- CVE-2003-0304 : Direct request of installation file allows attacker to create administrator accounts.
- CVE-2002-0870 : Attackers may gain additional privileges by directly requesting the web management URL.
- CVE-2002-0066 : Bypass authentication via direct request to named pipe.
- CVE-2003-1035 : User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
Taxynomy | Id | Name | Fit |
---|
PLOVER | | Authentication Bypass by Alternate
Path/Channel | |
OWASP Top Ten 2007 | A10 | Failure to Restrict URL Access | CWE_More_Specific |
References:None