CWE-288: Authentication Bypass Using an Alternate Path or Channel
Description
Technical Details
- Structure: Simple
- Vulnerability Mapping: ALLOWED
Applicable To
Security Consequences
Scope
Impact
Mitigation Strategies
Phase
Description
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
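The mitigation above, sketched as an added Python example (it is not taken from the CWE entry or from this page): a weak dispatcher whose later-added channel skips the check, next to a single choke point that runs the same authentication and permission check on every access. All names (`weak_dispatch`, `Gateway`, `build_gateway`, the routes, tokens and permission table) are hypothetical, and the data is constructed.

```python
# Added illustration; every name here is hypothetical and the data is constructed.
class AccessDenied(Exception):
    pass

SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}   # token -> user
PERMISSIONS = {"/reports": {"alice", "bob"}, "/admin/export": {"alice"}}
HANDLERS = {
    "/reports": lambda user: f"reports for {user}",
    "/admin/export": lambda user: f"export run by {user}",
}

def weak_dispatch(path, token, channel="web"):
    """Weak form: only the 'web' channel is checked; any other channel
    reaches the same handlers without authentication or authorization."""
    user = SESSIONS.get(token)
    if channel == "web":
        if user is None or user not in PERMISSIONS.get(path, set()):
            raise AccessDenied(path)
    return HANDLERS[path](user)

class Gateway:
    """Choke point: every channel calls dispatch(); handlers are not exposed."""

    def __init__(self):
        self._routes = {}

    def register(self, path, handler):
        # Fail closed: a route without a permission policy cannot be added.
        if path not in PERMISSIONS:
            raise ValueError(f"no permission policy for {path}")
        self._routes[path] = handler

    def dispatch(self, path, token, channel="web"):
        # Identical checks on every access; 'channel' never relaxes them.
        user = SESSIONS.get(token)
        if user is None:
            raise AccessDenied("unauthenticated")
        if path not in self._routes or user not in PERMISSIONS[path]:
            raise AccessDenied("forbidden")
        return self._routes[path](user)

def build_gateway():
    gw = Gateway()
    for path, handler in HANDLERS.items():
        gw.register(path, handler)
    return gw
```

In the weak form the result depends on which channel carried the request; in the gateway the `channel` argument has no influence on the access decision.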
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
No examples or observed CVEs available for this CWE.
CWE Relationships
No relationship information available for this CWE.
Frequently Asked Questions
What is CWE-288: Authentication Bypass Using an Alternate Path or Channel?
CWE-288: Authentication Bypass Using an Alternate Path or Channel is a Common Weakness Enumeration (CWE) entry maintained by MITRE.
What are the security consequences of CWE-288: Authentication Bypass Using an Alternate Path or Channel?
If exploited, CWE-288 (Authentication Bypass Using an Alternate Path or Channel) can result in Bypass Protection Mechanism, within the scope Access Control.
How do you prevent or mitigate CWE-288: Authentication Bypass Using an Alternate Path or Channel?
Recommended mitigations for CWE-288 include: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Which programming languages are affected by CWE-288: Authentication Bypass Using an Alternate Path or Channel?
CWE-288 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
What is the difference between a CWE and a CVE?
A CWE (Common Weakness Enumeration) like CWE-288 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.