CWE-288: Authentication Bypass Using an Alternate Path or Channel

Structure: Simple

Abstraction: Base

Status: Incomplete

Likelihood of Exploit: Unknown

Description

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Related Weaknesses

  • ChildOf: CWE-287 (View 1000, Ordinal: Primary)

  • ChildOf: CWE-287 (View 699, Ordinal: Primary)

  • PeerOf: CWE-420 (View 1000)

  • PeerOf: CWE-425 (View 1000)

Applicable Platforms

Language: Language-Independent (Prevalence: Undetermined)

Common Consequences

| Scope | Impact | Notes |
|---|---|---|
| Access Control | Bypass Protection Mechanism | |

Potential Mitigations

Architecture and Design

Strategy:

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
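
The mitigation above, as an added Python example that is not part of the CWE entry: per-channel checks, where a management API reaches the same resource as the web UI without authenticating, are contrasted with a single dispatch() choke point that authenticates and authorizes every request on every channel. Route names, tokens and permission strings are constructed for illustration.

```python
# Added example: routes, sessions and permission names are constructed (hypothetical).
from dataclasses import dataclass
from typing import Callable, Optional

SESSIONS = {  # constructed session store
    "tok-alice": {"user": "alice", "perms": {"logs:read"}},
    "tok-bob": {"user": "bob", "perms": set()},
}

def read_logs(user: Optional[str]) -> str:
    return "system log contents"

def login_page(user: Optional[str]) -> str:
    return "login form"

# Weak design: each channel enforces (or forgets) authentication on its own.
def web_ui_read_logs(token: Optional[str]) -> str:
    if token not in SESSIONS:
        raise PermissionError("authentication required")
    return read_logs(SESSIONS[token]["user"])

def mgmt_api_read_logs(token: Optional[str]) -> str:
    return read_logs(None)  # alternate channel, same resource, no check (CWE-288)

# Choke-point design: handlers are reachable only through dispatch().
@dataclass(frozen=True)
class Route:
    handler: Callable[[Optional[str]], str]
    permission: Optional[str]  # None means the route is explicitly public

ROUTES = {
    ("web", "/logs"): Route(read_logs, "logs:read"),
    ("api", "/logs"): Route(read_logs, "logs:read"),
    ("web", "/login"): Route(login_page, None),
}

def dispatch(channel: str, path: str, token: Optional[str]) -> str:
    route = ROUTES.get((channel, path))
    if route is None:
        raise LookupError("no such route")  # unregistered paths are denied by default
    if route.permission is None:
        return route.handler(None)
    session = SESSIONS.get(token) if token else None
    if session is None:
        raise PermissionError("authentication required")
    if route.permission not in session["perms"]:
        raise PermissionError("permission denied")
    return route.handler(session["user"])
```

Because every route must declare a permission (or be marked public) at registration, adding a new channel cannot silently skip the check.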

Observed Examples

| Reference | Description | Link |
|---|---|---|
| CVE-2000-1179 | Router allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1179 |
| CVE-1999-1454 | Attackers with physical access to the machine may bypass the password prompt by pressing the ESC (Escape) key. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1454 |
| CVE-1999-1077 | OS allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1077 |
| CVE-2003-0304 | Direct request of installation file allows attacker to create administrator accounts. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0304 |
| CVE-2002-0870 | Attackers may gain additional privileges by directly requesting the web management URL. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0870 |
| CVE-2002-0066 | Bypass authentication via direct request to named pipe. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0066 |
| CVE-2003-1035 | User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1035 |

Notes

Taxonomy Mappings

| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | | | Authentication Bypass by Alternate Path/Channel |
| OWASP Top Ten 2007 | A10 | CWE More Specific | Failure to Restrict URL Access |

Related Attack Patterns

  • CAPEC-127