CWE-290: Authentication Bypass by Spoofing
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Common Consequences
Scope: Access Control
Technical Impact: Bypass Protection Mechanism; Gain Privileges or Assume Identity
Note: This weakness can allow an attacker to access resources which are not otherwise accessible without proper authentication.
Observed Examples
Reference: CVE-2022-30319
S-bus functionality in a home automation product performs access control using an IP allowlist, which can be bypassed by a forged IP address.
Reference: CVE-2009-1048
VOIP product allows authentication bypass using 127.0.0.1 in the Host header.
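The pattern behind the second observed example, shown as an added illustration (not code from CWE or from either affected product): a "local only" check that trusts the client-supplied Host header, next to a check that uses the transport-level peer address. All function names and sample requests are hypothetical and constructed for this example.

```python
import ipaddress

# Constructed sample requests: (socket peer address, HTTP headers).
SAMPLE_REQUESTS = [
    ("127.0.0.1", {"Host": "127.0.0.1"}),      # genuine local client
    ("203.0.113.7", {"Host": "127.0.0.1"}),    # remote client, forged Host
    ("203.0.113.7", {"Host": "pbx.example"}),  # remote client, honest Host
    ("::1", {"Host": "localhost"}),            # genuine local client over IPv6
]


def is_local_weak(peer_addr, headers):
    """Flawed check: treats the client-supplied Host header as identity."""
    host = headers.get("Host", "").split(":")[0]
    return host in ("127.0.0.1", "localhost")


def is_local_hardened(peer_addr, headers):
    """Uses only the address the connection arrived from; headers are ignored.

    Caveat: on connectionless transports the source address itself can be
    forged, so an address check narrows exposure but does not replace
    real authentication (credentials, mutual TLS, signed tokens).
    """
    try:
        addr = ipaddress.ip_address(peer_addr)
    except ValueError:
        return False  # fail closed on anything that is not an IP address
    # Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; unwrap first.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return addr.is_loopback


def spoofed_host_requests(requests):
    """Return requests the weak check accepts but the peer address contradicts."""
    return [
        (peer, headers) for peer, headers in requests
        if is_local_weak(peer, headers) and not is_local_hardened(peer, headers)
    ]


if __name__ == "__main__":
    for peer, headers in spoofed_host_requests(SAMPLE_REQUESTS):
        print(f"Host header claims local, peer is {peer}: {headers}")
```

The same comparison works as a detection rule over access logs: a request whose Host header names a loopback address while the recorded peer address is not loopback is worth flagging.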
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| PLOVER | - | Authentication bypass by spoofing | - |
Key Information
CWE ID: CWE-290
Abstraction: Base
Structure: Simple
Status: Incomplete