CWE-288: Authentication Bypass Using an Alternate Path or Channel
Weakness ID: 288
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
Time of Introduction
Architecture and Design
Modes of Introduction
This is often seen in web applications that assume that access to a
particular CGI program can only be obtained through a "front" screen, when
the supporting programs are in fact directly accessible. This problem is
not limited to web applications.
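The "front" screen assumption described above, as an added example that is not part of the CWE entry: the route names, session table and function names are constructed for illustration. It contrasts a design in which only the front screen authenticates with a dispatcher that authenticates before any handler runs, and includes a small audit helper that lists routes answering without a session.

```python
# Added example: routes, session table and names are constructed, not from any real product.
SESSIONS = {"tok-alice": "alice"}   # constructed session store

def front_screen(req):
    # The only place the original design checks authentication.
    if req.get("session") not in SESSIONS:
        return 401, "login required"
    return 200, "menu: <a href='/cgi-bin/report'>report</a>"

def report(req):
    # Supporting program: assumes every caller came through front_screen.
    return 200, "confidential report"

ROUTES = {"/": front_screen, "/cgi-bin/report": report}
PUBLIC = set()   # explicit allow-list of routes that need no authentication

def dispatch_vulnerable(path, req):
    """Each handler is trusted to authenticate itself; report() never does."""
    handler = ROUTES.get(path)
    return handler(req) if handler else (404, "not found")

def dispatch_hardened(path, req):
    """Authentication is enforced once, before any handler runs (deny by default)."""
    handler = ROUTES.get(path)
    if handler is None:
        return 404, "not found"
    if path not in PUBLIC and req.get("session") not in SESSIONS:
        return 401, "login required"
    return handler(req)

def unauthenticated_paths(dispatch):
    """Audit helper: request every registered route with no session and
    return those that answer with anything other than 401."""
    return sorted(p for p in ROUTES if dispatch(p, {})[0] != 401)

if __name__ == "__main__":
    print("vulnerable:", unauthenticated_paths(dispatch_vulnerable))
    print("hardened:  ", unauthenticated_paths(dispatch_hardened))
```

The same audit idea applies to a real deployment: enumerate every registered entry point and confirm each one rejects a request that carries no credentials, rather than testing only the path users normally follow.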
OS allows local attackers to bypass the password
protection of idled sessions via the programmer's switch or CMD-PWR keyboard
sequence, which brings up a debugger that the attacker can use to disable