CWE-290 - Authentication Bypass by Spoofing

Description

A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage. This weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
E.g. Many of the protocols in the TCP/IP suite do not provide mechanisms for authenticating the source or destination of a message. They are thus vulnerable to spoofing attacks when extra precautions are not taken by applications to verify the identity of the sending or receiving host. IP spoofing and ARP spoofing in particular may be used to leverage man-in-the-middle attacks against hosts on a computer network.
The weakness is introduced during such stages as architecture and design and implementation. The exposure helps attackers to slip by protection mechanism, assign identity and get access to the resourses avoiding the process of authentication.
The vulnerability is intoduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-290

Authentication bypass by spoofing in IBM Engineering Requirements Management DOORS Next 2023-10-09
Medium Yes
Authentication bypass by spoofing in IBM Engineering Lifecycle Management 2023-09-21
Medium Yes
Multiple vulnerabilities in Netcool Operations Insight 2023-09-20
High Yes
Multiple vulnerabilities in IBM i Modernization Engine for Lifecycle Integration 2023-09-12
High Yes
Multiple vulnerabilities in IBM Maximo Application Suite - Manage Component 2023-07-14
Medium Yes
Juniper Junos OS Evolved update for NTP 2023-07-13
Low Yes
Multiple vulnerabilities in Keycloak 2023-06-28
Medium No
Multiple vulnerabilities in IBM Directory Server and IBM Directory Suite products 2023-05-24
Medium Yes
Authentication bypass by spoofing in IBM Financial Transaction Manager 2023-03-06
Medium Yes
Authentication bypass by spoofing in IBM B2B Advanced Communications 2023-02-21
Medium Yes

References

Description of CWE-290 on Mitre website