Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

GHSA-WVXC-2969-V7X4

Vulnerability from github – Published: 2024-10-26 03:30 – Updated: 2024-10-26 03:30
VLAI
Details

The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9890"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-26T03:15:04Z",
    "severity": "HIGH"
  },
  "details": "The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the \u0027switchUser\u0027 function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.",
  "id": "GHSA-wvxc-2969-v7x4",
  "modified": "2024-10-26T03:30:43Z",
  "published": "2024-10-26T03:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9890"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/user-toolkit/tags/1.2.3/src/UserSwitch.php#L51"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3175190/user-toolkit#file5"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/805f18e2-9a5a-48cf-81f4-825da4bfd8ef?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WW95-XWW8-JVM2

Vulnerability from github – Published: 2026-05-27 12:31 – Updated: 2026-05-27 12:31
VLAI
Details

Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through <= 4.3.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42735"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T11:16:20Z",
    "severity": "HIGH"
  },
  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through \u003c= 4.3.0.",
  "id": "GHSA-ww95-xww8-jvm2",
  "modified": "2026-05-27T12:31:22Z",
  "published": "2026-05-27T12:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42735"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/kivicare-clinic-management-system/vulnerability/wordpress-kivicare-plugin-4-3-0-broken-authentication-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WWXR-XF9X-XPJ6

Vulnerability from github – Published: 2024-10-25 15:31 – Updated: 2024-11-15 00:31
VLAI
Details

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device.

Successful exploitation of this vulnerability could allow remote attacker to gain unauthorized access and take complete control of the targeted device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-25T13:15:17Z",
    "severity": "CRITICAL"
  },
  "details": "This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to gain unauthorized access and take complete control of the targeted device.",
  "id": "GHSA-wwxr-xf9x-xpj6",
  "modified": "2024-11-15T00:31:50Z",
  "published": "2024-10-25T15:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10381"
    },
    {
      "type": "WEB",
      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0328"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X29J-XWRC-HXR3

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI
Details

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiAnalyzer Cloud 7.6.0 through 7.6.3, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2.2 through 7.2.10, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11, FortiManager Cloud 7.6.0 through 7.6.3, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2.2 through 7.2.10 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:18:12Z",
    "severity": "HIGH"
  },
  "details": "An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiAnalyzer Cloud 7.6.0 through 7.6.3, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2.2 through 7.2.10, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11, FortiManager Cloud 7.6.0 through 7.6.3, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2.2 through 7.2.10 may allow  an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.",
  "id": "GHSA-x29j-xwrc-hxr3",
  "modified": "2026-03-10T18:31:19Z",
  "published": "2026-03-10T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22572"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-090"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2H2-HW5M-3QWQ

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30
VLAI
Details

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-35422"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:17:12Z",
    "severity": "MODERATE"
  },
  "details": "Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.",
  "id": "GHSA-x2h2-hw5m-3qwq",
  "modified": "2026-05-12T18:30:44Z",
  "published": "2026-05-12T18:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35422"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35422"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2V7-676C-4X7C

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30
VLAI
Details

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-17409"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-13T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754.",
  "id": "GHSA-x2v7-676c-4x7c",
  "modified": "2022-05-24T17:30:34Z",
  "published": "2022-05-24T17:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17409"
    },
    {
      "type": "WEB",
      "url": "https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1176"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X33C-7C2V-MRJ9

Vulnerability from github – Published: 2025-11-06 15:47 – Updated: 2025-11-06 23:13
VLAI
Summary
Apollo Router Affected by an Access Control Bypass on Polymorphic Types
Details

Summary

A vulnerability in Apollo Router allowed for unauthenticated queries to access data that required additional access controls. Router incorrectly handled access control directives on interface types/fields and their implementing object types/fields, applying them to interface types/fields while ignoring directives on their implementing object types/fields when all implementations had the same requirements.

Details

Apollo Federation allows users to specify access control directives (@authenticated, @requiresScopes, and @policy) to protect object and interface types and fields. However, the GraphQL specification does not define inheritance rules for directives from interfaces to their implementations. Apollo Router will enforce any directives on the interface types/fields but ignore any directives on the implementation object types/fields (as long as all implementations have the same requirements). This inconsistent enforcement behavior leads to unexpected runtime security gaps.

Who is impacted

This vulnerability impacts Apollo Router customers defining @authenticated, @requiresScopes, or @policy directives inconsistently on polymorphic types (i.e., object types that implement interface types). Specifically, if the same access control directives are applied to all implementing types/fields but not on their implemented interface types/fields, they could be impacted.

Scope of Impact

This vulnerability could allow a malicious actor to craft a query that can bypass access control requirements on the object types/fields by instead querying them via implemented interface types/fields that don't have the same access control requirements.

Patches

This vulnerability has been fixed at runtime in Apollo Router. You may update Router to one of the following versions:

  • 1.61.12+
  • 2.8.1+

Workarounds

  • If you are not immediately updating Router to a patched version, you should apply any included access control requirements to both the appropriate interface types/fields and their implementations.
  • Customers not using Apollo Router access control features (@authenticated, @requiresScopes, or @policy directives) or not specifying inconsistent access control requirements on polymorphic types/fields are not affected and do not need to take action.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "apollo-router"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.61.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "apollo-router"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0-alpha.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-64173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-06T15:47:05Z",
    "nvd_published_at": "2025-11-06T21:15:43Z",
    "severity": "HIGH"
  },
  "details": "# Summary\n\nA vulnerability in Apollo Router allowed for unauthenticated queries to access data that required additional access controls. Router incorrectly handled access control directives on interface types/fields and their implementing object types/fields, applying them to interface types/fields while ignoring directives on their implementing object types/fields when all implementations had the same requirements.\n\n## Details\n\nApollo Federation allows users to specify access control directives ([`@authenticated`, `@requiresScopes`, and `@policy`](https://www.apollographql.com/docs/graphos/routing/security/authorization#authorization-directives)) to protect object and interface types and fields. However, the GraphQL specification does not define inheritance rules for directives from interfaces to their implementations. Apollo Router will enforce any directives on the interface types/fields but ignore any directives on the implementation object types/fields (as long as all implementations have the same requirements). This inconsistent enforcement behavior leads to unexpected runtime security gaps.\n\n## Who is impacted\n\nThis vulnerability impacts Apollo Router customers defining `@authenticated`, `@requiresScopes`, or `@policy` directives inconsistently on polymorphic types (i.e., object types that implement interface types).  Specifically, if the same access control directives are applied to all implementing types/fields but not on their implemented interface types/fields, they could be impacted.\n\n### Scope of Impact\n\nThis vulnerability could allow a malicious actor to craft a query that can bypass access control requirements on the object types/fields by instead querying them via implemented interface types/fields that don\u0027t have the same access control requirements.\n\n## Patches\n\nThis vulnerability has been fixed at runtime in Apollo Router. You may update Router to one of the following versions:\n\n- 1.61.12+\n- 2.8.1+\n\n## Workarounds\n\n- If you are not immediately updating Router to a patched version, you should apply any included access control requirements to *both* the appropriate interface types/fields and their implementations.\n- Customers not using Apollo Router access control features (`@authenticated`, `@requiresScopes`, or `@policy` directives) or not specifying inconsistent access control requirements on polymorphic types/fields are not affected and do not need to take action.",
  "id": "GHSA-x33c-7c2v-mrj9",
  "modified": "2025-11-06T23:13:08Z",
  "published": "2025-11-06T15:47:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/apollographql/router/security/advisories/GHSA-x33c-7c2v-mrj9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64173"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apollographql/router/commit/75ca43ecb9d38423b63d09896702f9da425cc754"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apollographql/router"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apollographql/router/releases/tag/v2.8.1"
    },
    {
      "type": "WEB",
      "url": "https://www.apollographql.com/docs/graphos/routing/security/authorization#authorization-directives"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apollo Router Affected by an Access Control Bypass on Polymorphic Types"
}

GHSA-X3J2-3CG4-HVRW

Vulnerability from github – Published: 2023-09-11 21:30 – Updated: 2024-04-04 07:35
VLAI
Details

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41256"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-11T19:15:43Z",
    "severity": "CRITICAL"
  },
  "details": "\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n",
  "id": "GHSA-x3j2-3cg4-hvrw",
  "modified": "2024-04-04T07:35:58Z",
  "published": "2023-09-11T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41256"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3MP-X433-H32F

Vulnerability from github – Published: 2025-06-27 09:31 – Updated: 2025-06-27 09:31
VLAI
Details

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6688"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-27T08:15:23Z",
    "severity": "CRITICAL"
  },
  "details": "The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user\u0027s identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.",
  "id": "GHSA-x3mp-x433-h32f",
  "modified": "2025-06-27T09:31:19Z",
  "published": "2025-06-27T09:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6688"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3318371/simple-payment/tags/2.3.9/simple-payment-plugin.php"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4e2f87-e3ad-4f1b-b647-f5e5a49f691b?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3WV-6RHV-59PR

Vulnerability from github – Published: 2025-11-06 18:32 – Updated: 2025-11-06 18:32
VLAI
Details

On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB port.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59392"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-06T16:16:01Z",
    "severity": "MODERATE"
  },
  "details": "On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB port.",
  "id": "GHSA-x3wv-6rhv-59pr",
  "modified": "2025-11-06T18:32:55Z",
  "published": "2025-11-06T18:32:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59392"
    },
    {
      "type": "WEB",
      "url": "https://www.elspec-ltd.com/metering-protection/g5-multi-functional-digital-fault-recorder"
    },
    {
      "type": "WEB",
      "url": "https://www.elspec-ltd.com/support/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.