CWE-290 – Authentication Bypass by Spoofing

Description

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-287

Consequences

Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity

This weakness can allow an attacker to access resources that would otherwise be inaccessible without proper authentication.

Potential Mitigations

CVE References

  • CVE-2009-1048
    • VOIP product allows authentication bypass using 127.0.0.1 in the Host header.
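The pattern behind the Host-header case above, next to a corrected form, as an added example (not code from the affected product or from the CWE entry). The function names, the token and the sample addresses are constructed for illustration, and the policy of restricting access to local callers is an assumption.

```python
import hmac
import ipaddress

EXPECTED_TOKEN = "constructed-sample-token"  # constructed placeholder secret

def authorize_weak(headers, peer_ip, token):
    """Vulnerable pattern: a Host header naming loopback skips the credential check."""
    host = headers.get("Host", "").partition(":")[0].strip().lower()
    if host in ("127.0.0.1", "localhost"):
        return True  # identity taken from client-controlled data
    return hmac.compare_digest(token or "", EXPECTED_TOKEN)

def peer_is_loopback(peer_ip):
    """Classify the transport-level peer address (e.g. from socket.getpeername())."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparsable address: never treat as local
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so dual-stack listeners classify correctly.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return addr.is_loopback

def authorize_hardened(headers, peer_ip, token, local_only=True):
    """Credentials are always required; the Host header grants nothing."""
    if not hmac.compare_digest(token or "", EXPECTED_TOKEN):
        return False
    # Locality is an extra restriction on top of authentication, never a substitute.
    return peer_is_loopback(peer_ip) or not local_only

if __name__ == "__main__":
    # Constructed request: remote peer, Host header claiming loopback, no credential.
    headers, peer = {"Host": "127.0.0.1"}, "203.0.113.7"
    print("weak:    ", authorize_weak(headers, peer, None))
    print("hardened:", authorize_hardened(headers, peer, None))
```

When a reverse proxy sits in front of the service, every request's peer address is the proxy, so a locality restriction has to be enforced at the proxy or dropped in favour of credentials alone.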