CWE-290
Authentication Bypass by Spoofing
Base
What it is
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Impact
| Scope | Impact |
| --- | --- |
| Access Control | Bypass Protection Mechanism, Gain Privileges or Assume Identity |
Real-world CVE examples
- CVE-2022-30319 — S-bus functionality in a home automation product performs access control using an IP allowlist, which can be bypassed by a forged IP address.
- CVE-2009-1048 — VOIP product allows authentication bypass using 127.0.0.1 in the Host header.
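The Host-header pattern in the second CVE, shown as an added example rather than code from either affected product: a check that trusts a client-supplied header next to one that requires a credential and takes the peer address from the accepted socket. The function names, token, and sample requests are constructed for illustration.

```python
import hmac

# Constructed values for illustration only.
ADMIN_TOKEN = "constructed-example-token"
LOOPBACK = {"127.0.0.1", "::1"}
FORGED_REQUEST = b"GET /admin HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"
LOCAL_REQUEST = (b"GET /admin HTTP/1.1\r\nHost: 127.0.0.1\r\n"
                 b"Authorization: Bearer constructed-example-token\r\n\r\n")

def parse_headers(raw: bytes) -> dict:
    """Parse the header lines of a raw HTTP/1.1 request into a lowercase-keyed dict."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def is_admin_spoofable(raw: bytes, peer_ip: str) -> bool:
    """Weak: treats the client-supplied Host header as proof the caller is local."""
    host = parse_headers(raw).get("host", "")
    return host.split(":")[0] in LOOPBACK    # peer_ip is never consulted

def is_admin_hardened(raw: bytes, peer_ip: str) -> bool:
    """Requires a credential; the socket peer address only narrows exposure."""
    if peer_ip not in LOOPBACK:              # address of the accepted connection, not a header
        return False
    auth = parse_headers(raw).get("authorization", "")
    scheme, _, token = auth.partition(" ")
    # Constant-time comparison of the presented token against the provisioned one.
    return scheme == "Bearer" and hmac.compare_digest(token.encode(), ADMIN_TOKEN.encode())

if __name__ == "__main__":
    remote = "203.0.113.7"                   # documentation-range address, constructed
    print("weak check, remote peer, forged Host:", is_admin_spoofable(FORGED_REQUEST, remote))
    print("hardened,   remote peer, forged Host:", is_admin_hardened(FORGED_REQUEST, remote))
    print("hardened,   local peer, valid token: ", is_admin_hardened(LOCAL_REQUEST, "127.0.0.1"))
```

The peer address is kept only as a secondary restriction; as the IP-allowlist CVE above shows, an address alone is not an identity.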
Source: MITRE CWE (cwe.mitre.org).