CWE-288 使用候选路径或通道进行的认证绕过
Authentication Bypass Using an Alternate Path or Channel
结构: Simple
Abstraction: Base
状态: Incomplete
被利用可能性: unkown
基本描述
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 699 cwe_Ordinal: Primary
-
cwe_Nature: PeerOf cwe_CWE_ID: 420 cwe_View_ID: 1000
-
cwe_Nature: PeerOf cwe_CWE_ID: 425 cwe_View_ID: 1000
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Access Control | Bypass Protection Mechanism |
可能的缓解方案
Architecture and Design
策略:
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
| CVE-2000-1179 | Router allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1179 |
| CVE-1999-1454 | Attackers with physical access to the machine may bypass the password prompt by pressing the ESC (Escape) key. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1454 |
| CVE-1999-1077 | OS allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1077 |
| CVE-2003-0304 | Direct request of installation file allows attacker to create administrator accounts. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0304 |
| CVE-2002-0870 | Attackers may gain additional privileges by directly requesting the web management URL. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0870 |
| CVE-2002-0066 | Bypass authentication via direct request to named pipe. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0066 |
| CVE-2003-1035 | User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1035 |
Notes
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | Authentication Bypass by Alternate Path/Channel | ||
| OWASP Top Ten 2007 | A10 | CWE More Specific | Failure to Restrict URL Access |
相关攻击模式
- CAPEC-127