CWE-290 - Authentication Bypass by Spoofing


A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage. This weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
For example, many of the protocols in the TCP/IP suite do not provide mechanisms for authenticating the source or destination of a message. They are thus vulnerable to spoofing attacks when applications take no extra precautions to verify the identity of the sending or receiving host. IP spoofing and ARP spoofing in particular may be used to mount man-in-the-middle attacks against hosts on a computer network.
The weakness is introduced during the architecture and design and the implementation stages. The exposure helps attackers slip past a protection mechanism, assume an identity and gain access to resources while avoiding the authentication process.
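The following added example (not part of the original page) contrasts a check that infers identity from the sender's address, which the protocol does not authenticate, with one that verifies a keyed MAC over the message. The peer name, addresses, key and message layout are constructed assumptions.

```python
import hashlib
import hmac

TRUSTED_ADDRS = {"10.0.0.5"}                            # constructed sample allowlist
PEER_KEYS = {"billing-svc": b"constructed-demo-key"}    # constructed per-peer secret
seen_nonces = set()                                     # nonces already accepted

def weak_authenticate(src_ip):
    """CWE-290 pattern: the source address is sender-controlled data."""
    return src_ip in TRUSTED_ADDRS

def compute_mac(key, peer_id, nonce, payload):
    # Length-prefix every field so field boundaries cannot be shifted.
    parts = [peer_id.encode(), nonce, payload]
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

def make_message(peer_id, nonce, payload):
    """What a legitimate peer holding the shared key would send."""
    mac = compute_mac(PEER_KEYS[peer_id], peer_id, nonce, payload)
    return {"peer": peer_id, "nonce": nonce, "payload": payload, "mac": mac}

def strong_authenticate(src_ip, msg):
    """Identity is proven by the MAC; src_ip is kept for logging only."""
    try:
        peer, nonce = msg["peer"], msg["nonce"]
        payload, mac = msg["payload"], msg["mac"]
    except KeyError:
        return False
    key = PEER_KEYS.get(peer)
    if key is None:
        return False
    expected = compute_mac(key, peer, nonce, payload)
    if not hmac.compare_digest(expected, mac):   # constant-time comparison
        return False
    if nonce in seen_nonces:                     # reject a replayed message
        return False
    seen_nonces.add(nonce)
    return True

if __name__ == "__main__":
    forged = {"peer": "billing-svc", "nonce": b"n0",
              "payload": b"pay 100", "mac": b"\x00" * 32}
    print("weak check, claimed trusted address:", weak_authenticate("10.0.0.5"))
    print("MAC check, same claimed address:", strong_authenticate("10.0.0.5", forged))
    genuine = make_message("billing-svc", b"n-demo", b"pay 100")
    print("MAC check, genuine peer:", strong_authenticate("203.0.113.7", genuine))
```
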

Description of CWE-290 on Mitre website