Base · Incomplete

CWE-290: Authentication Bypass by Spoofing

Category: auth

Description

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Common consequences · 1

  • Access Control — Bypass Protection Mechanism, Gain Privileges or Assume Identity
    This weakness can allow an attacker to access resources which are not otherwise accessible without proper authentication.

Related CAPEC attack patterns · 10

CAPEC-21, CAPEC-22, CAPEC-459, CAPEC-461, CAPEC-473, CAPEC-476, CAPEC-59, CAPEC-60, CAPEC-667, CAPEC-94

References

  1. https://cwe.mitre.org/data/definitions/290.html

Exploits (incoming) · 10

Type | Target | Confidence | Tier
AttackPattern | Exploiting Trust in Client (capec-22) | 100% | live
AttackPattern | Exploitation of Trusted Identifiers (capec-21) | 100% | live
AttackPattern | Reusing Session IDs (aka Session Replay) (capec-60) | 100% | live
AttackPattern | Signature Spoof (capec-473) | 100% | live
AttackPattern | Web Services API Signature Forgery Leveraging Hash Function Extension Weakness (capec-461) | 100% | live
AttackPattern | Session Credential Falsification through Prediction (capec-59) | 100% | live
AttackPattern | Signature Spoofing by Misrepresentation (capec-476) | 100% | live
AttackPattern | Bluetooth Impersonation AttackS (BIAS) (capec-667) | 100% | live
AttackPattern | Adversary in the Middle (AiTM) (capec-94) | 100% | live
AttackPattern | Creating a Rogue Certification Authority Certificate (capec-459) | 100% | live

Compliance frameworks addressing this (incoming) · 1

Type | Target | Confidence | Tier
ComplianceControl | owasp_api_top10-api02 | 100% | live

(incoming) · 60

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-1104 (cve-2025-1104) | 0% | live
Vulnerability | CVE-2025-11209 (cve-2025-11209) | 0% | live
Vulnerability | CVE-2025-11250 (cve-2025-11250) | 0% | live
Vulnerability | CVE-2025-1298 (cve-2025-1298) | 0% | live
Vulnerability | CVE-2025-21415 (cve-2025-21415) | 0% | live
Vulnerability | CVE-2025-2188 (cve-2025-2188) | 0% | live
Vulnerability | CVE-2025-23168 (cve-2025-23168) | 0% | live
Vulnerability | CVE-2025-25182 (cve-2025-25182) | 0% | live
Vulnerability | CVE-2025-27616 (cve-2025-27616) | 0% | live
Vulnerability | CVE-2025-27671 (cve-2025-27671) | 0% | live
Vulnerability | CVE-2025-30142 (cve-2025-30142) | 0% | live
Vulnerability | CVE-2025-31170 (cve-2025-31170) | 0% | live
Vulnerability | CVE-2025-32966 (cve-2025-32966) | 0% | live
Vulnerability | CVE-2025-36119 (cve-2025-36119) | 0% | live
Vulnerability | CVE-2025-36594 (cve-2025-36594) | 0% | live
Vulnerability | CVE-2025-36753 (cve-2025-36753) | 0% | live
Vulnerability | CVE-2025-43245 (cve-2025-43245) | 0% | live
Vulnerability | CVE-2025-48906 (cve-2025-48906) | 0% | live
Vulnerability | CVE-2025-49002 (cve-2025-49002) | 0% | live
Vulnerability | CVE-2025-54576 (cve-2025-54576) | 0% | live
Vulnerability | CVE-2025-56449 (cve-2025-56449) | 0% | live
Vulnerability | CVE-2025-59385 (cve-2025-59385) | 0% | live
Vulnerability | CVE-2025-59706 (cve-2025-59706) | 0% | live
Vulnerability | CVE-2025-59707 (cve-2025-59707) | 0% | live
Vulnerability | CVE-2025-62235 (cve-2025-62235) | 0% | live
Vulnerability | CVE-2025-66570 (cve-2025-66570) | 0% | live
Vulnerability | CVE-2025-67298 (cve-2025-67298) | 0% | live
Vulnerability | CVE-2025-69203 (cve-2025-69203) | 0% | live
Vulnerability | CVE-2025-69258 (cve-2025-69258) | 0% | live
Vulnerability | CVE-2025-71056 (cve-2025-71056) | 0% | live

Showing top 30 of 60 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Authentication Bypass by Primary Weakness
  • CWE: Improper Authentication
  • CWE: Authentication Bypass by Assumed-Immutable Data
  • CWE: Authentication Bypass by Alternate Name
  • CWE: Incorrect Implementation of Authentication Algorithm
  • CWE: DEPRECATED: Authentication Bypass Issues

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.