CWE-288

Authentication Bypass Using an Alternate Path or Channel

Weakness Description

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Potential Mitigations

Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
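The following added example (not part of the CWE entry) contrasts a dispatcher where each path performs its own authentication, and one alternate path omits it, with a single choke point that authenticates and checks permissions on every access. The session store, route paths, permission names and function names are all hypothetical.

```python
# Constructed example: sessions, routes and permission names are hypothetical.
SESSIONS = {
    "tok-alice": {"user": "alice", "perms": {"report:read"}},
    "tok-bob": {"user": "bob", "perms": set()},
}

def read_report(_user):
    return "quarterly report"

# Weak layout: each path does (or forgets) its own authentication.
def weak_dispatch(path, token):
    if path == "/report":
        if token not in SESSIONS:
            return 401, None
        return 200, read_report(SESSIONS[token]["user"])
    if path == "/legacy/report.csv":
        # Alternate path to the same resource with no check at all:
        # this is the CWE-288 condition.
        return 200, read_report(None)
    return 404, None

# Choke point: a route exists only if it declares a required permission,
# and one function enforces authentication and authorization for all routes.
ROUTES = {
    "/report": ("report:read", read_report),
    "/legacy/report.csv": ("report:read", read_report),
}

def dispatch(path, token):
    route = ROUTES.get(path)
    if route is None:
        return 404, None                 # unknown paths never reach a handler
    required, handler = route
    session = SESSIONS.get(token)
    if session is None:
        return 401, None                 # not authenticated
    if required not in session["perms"]:
        return 403, None                 # authenticated, not permitted
    return 200, handler(session["user"])

if __name__ == "__main__":
    for path, tok in [("/report", None), ("/legacy/report.csv", None),
                      ("/legacy/report.csv", "tok-bob"), ("/report", "tok-alice")]:
        print(path, tok, "weak:", weak_dispatch(path, tok)[0],
              "choke point:", dispatch(path, tok)[0])
```

Because handlers are reachable only through `dispatch`, adding a new path without a declared permission is impossible rather than merely discouraged.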

Common Consequences

Scope: Access Control
Impact: Bypass Protection Mechanism

Related Weaknesses