CWE-290: Authentication Bypass by Spoofing

ID: CWE-290
Abstraction: Base
Structure: Simple
Status: Incomplete
Number of CVEs: 269

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Modes of Introduction

Phase: Implementation

Relationships

| View ID | View Name | View Status | Weakness ID | Weakness Name | Abstraction | Structure | Status |
|---|---|---|---|---|---|---|---|
| CWE-1000 | Research Concepts | Draft | CWE-1390 | Weak Authentication | Class | Simple | Incomplete |
| CWE-1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities | Incomplete | CWE-287 | Improper Authentication | Class | Simple | Draft |

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
| ID | Name | Weaknesses |
|---|---|---|
| CAPEC-21 | Exploitation of Trusted Identifiers | CWE-290 |
| CAPEC-22 | Exploiting Trust in Client | CWE-290 |
| CAPEC-59 | Session Credential Falsification through Prediction | CWE-290 |
| CAPEC-60 | Reusing Session IDs (aka Session Replay) | CWE-290 |
| CAPEC-94 | Adversary in the Middle (AiTM) | CWE-290 |
| CAPEC-459 | Creating a Rogue Certification Authority Certificate | CWE-290 |
| CAPEC-461 | Web Services API Signature Forgery Leveraging Hash Function Extension Weakness | CWE-290 |
| CAPEC-473 | Signature Spoof | CWE-290 |
| CAPEC-476 | Signature Spoofing by Misrepresentation | CWE-290 |
| CAPEC-667 | Bluetooth Impersonation AttackS (BIAS) | CWE-290 |
