CWE-290
Authentication Bypass by Spoofing
Base
Incomplete
Description
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Access Control
Impact
Bypass Protection Mechanism, Gain Privileges or Assume Identity
CVE-2022-30319: S-bus functionality in a home automation product performs access control using an IP allowlist, which can be bypassed by a forged IP address.
CVE-2009-1048: VOIP product allows authentication bypass using 127.0.0.1 in the Host header.
Applicable Platforms
Not Language-Specific