CWE•Base•Incomplete•4 recent CVEs

CWE-289Authentication Bypass by Alternate Name

Description

The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.

Common consequences

Access Control→Bypass Protection Mechanism

Potential mitigations

Architecture and Design
Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names.
Implementation
[object Object]
Implementation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

Related CWEs

CWE-1390Weak Authentication

Recent CVEs classified under this CWE

CVE-2026-436174.82026-05-20 CVE-2026-31843.72026-04-03 CVE-2024-20987.52024-06-13 CVE-2023-18039.82023-04-14