CWE-288

Authentication Bypass Using an Alternate Path or Channel

AI Translation Available

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Status

incomplete

Abstraction

base

Affected Platforms

Not Technology-Specific Web Based

Technical Details

AI Translation

Common Consequences

access control

Impacts

bypass protection mechanism

Potential Mitigations

Phases:

architecture and design

Descriptions:

• Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

AI Generated Translation

Common Consequences

controllo degli accessi

Impacts

elusione del meccanismo di protezione

Potential Mitigations

Phases:

architettura e design

Descriptions:

• Convogliare tutto l'accesso attraverso un unico punto di snodo per semplificare il modo in cui gli utenti possono accedere a una risorsa. Per ogni accesso, eseguire un controllo per determinare se l'utente ha i permessi per accedere alla risorsa.

CWE-288

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter