CWE-290
AllowedAuthentication Bypass by Spoofing
Abstraction: Base · Status: Incomplete
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
927 vulnerabilities reference this CWE, most recent first.
GHSA-4V9X-CQC5-J645
Vulnerability from github – Published: 2026-05-05 17:58 – Updated: 2026-05-05 17:58Summary
Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker.
Details
The following functions are affected under the Authentication endpoint: getAuthorisedNames, getPermissionsForUser, hasPermission, addPermission, and removePermission.
The vulnerability allows unauthenticated users to execute these function calls with arbitrary arguments. In the logs, the exploit shows as follows:
[INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@getAuthorisedNames
[INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@addPermission
Impact
An attacker with a CodeChecker user can effectively acquire superuser permissions by calling these endpoints.
Patch
A patch is available at https://github.com/Ericsson/codechecker/releases/tag/v6.27.4.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "codechecker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.27.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25660"
],
"database_specific": {
"cwe_ids": [
"CWE-290",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T17:58:09Z",
"nvd_published_at": "2026-04-24T14:16:18Z",
"severity": "CRITICAL"
},
"details": "### Summary\nAuthentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker.\n\n### Details\n\nThe following functions are affected under the Authentication endpoint: `getAuthorisedNames`, `getPermissionsForUser`, `hasPermission`, `addPermission`, and `removePermission`.\n\nThe vulnerability allows unauthenticated users to execute these function calls with arbitrary arguments.\nIn the logs, the exploit shows as follows:\n```\n[INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@getAuthorisedNames\n[INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@addPermission\n```\n\n### Impact\nAn attacker with a CodeChecker user can effectively acquire superuser permissions by calling these endpoints.\n\n### Patch\nA patch is available at https://github.com/Ericsson/codechecker/releases/tag/v6.27.4.",
"id": "GHSA-4v9x-cqc5-j645",
"modified": "2026-05-05T17:58:09Z",
"published": "2026-05-05T17:58:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25660"
},
{
"type": "PACKAGE",
"url": "https://github.com/Ericsson/codechecker"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P",
"type": "CVSS_V4"
}
],
"summary": "Codechecker has an authentication bypass for certain API calls"
}
GHSA-4XPC-PV4P-PM3W
Vulnerability from github – Published: 2026-06-16 23:38 – Updated: 2026-06-16 23:38Impact
A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes.
The auth layer derived the effective route from request.url.path in litellm/proxy/auth/auth_utils.py::get_request_route(), which Starlette reconstructs from the Host header. A crafted Host could therefore make the auth gate evaluate a different route from the one FastAPI dispatched.
Most deployments are not affected. The bypass is blocked by any upstream layer that validates or normalizes Host, such as:
- a CDN or WAF, such as Cloudflare
- a reverse proxy with
server_nameallowlists - a host-based load balancer
LiteLLM Cloud customers are not affected.
Patches
Fixed in 1.84.0. Upgrade to 1.84.0 or later. No configuration change is required.
Workarounds
If upgrading is not immediately possible, place the proxy behind an upstream component that validates or normalizes the Host header before forwarding (a CDN/WAF, a reverse proxy with explicit server_name allowlists, or a cloud load balancer with host-based routing rules), or otherwise restrict network access to the proxy listener.
References
- Patched release:
v1.84.0
Discovery Credit: Le The Thang (KCSC) and Kim Ngoc Chung (One Mount Group)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "litellm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.84.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-49468"
],
"database_specific": {
"cwe_ids": [
"CWE-290"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-16T23:38:26Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Impact\n\nA Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes.\n\nThe auth layer derived the effective route from `request.url.path` in `litellm/proxy/auth/auth_utils.py::get_request_route()`, which Starlette reconstructs from the `Host` header. A crafted `Host` could therefore make the auth gate evaluate a different route from the one FastAPI dispatched.\n\n**Most deployments are not affected.** The bypass is blocked by any upstream layer that validates or normalizes `Host`, such as:\n\n- a CDN or WAF, such as Cloudflare\n- a reverse proxy with `server_name` allowlists\n- a host-based load balancer\n\n**LiteLLM Cloud customers are not affected.**\n\n### Patches\n\nFixed in **`1.84.0`**. Upgrade to `1.84.0` or later. No configuration change is required.\n\n### Workarounds\n\nIf upgrading is not immediately possible, place the proxy behind an upstream component that validates or normalizes the `Host` header before forwarding (a CDN/WAF, a reverse proxy with explicit `server_name` allowlists, or a cloud load balancer with host-based routing rules), or otherwise restrict network access to the proxy listener.\n\n### References\n\n- Patched release: [`v1.84.0`](https://github.com/BerriAI/litellm/releases/tag/v1.84.0)\n\n**Discovery Credit**: Le The Thang (KCSC) and Kim Ngoc Chung (One Mount Group)",
"id": "GHSA-4xpc-pv4p-pm3w",
"modified": "2026-06-16T23:38:26Z",
"published": "2026-06-16T23:38:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-4xpc-pv4p-pm3w"
},
{
"type": "PACKAGE",
"url": "https://github.com/BerriAI/litellm"
},
{
"type": "WEB",
"url": "https://github.com/BerriAI/litellm/releases/tag/v1.84.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "LiteLLM: Authentication Bypass via Host Header Injection"
}
GHSA-539Q-FQRF-RMXR
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2023-10-17 21:30A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.
{
"affected": [],
"aliases": [
"CVE-2019-0608"
],
"database_specific": {
"cwe_ids": [
"CWE-290"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-10T14:15:00Z",
"severity": "MODERATE"
},
"details": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka \u0027Microsoft Browser Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2019-1357.",
"id": "GHSA-539q-fqrf-rmxr",
"modified": "2023-10-17T21:30:23Z",
"published": "2022-05-24T16:58:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0608"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0608"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-54PF-9QMV-M7PJ
Vulnerability from github – Published: 2025-01-23 18:31 – Updated: 2025-01-29 12:31API Security bypass through header manipulation
{
"affected": [],
"aliases": [
"CVE-2024-55925"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-290"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-23T17:15:15Z",
"severity": "MODERATE"
},
"details": "API Security bypass through header manipulation",
"id": "GHSA-54pf-9qmv-m7pj",
"modified": "2025-01-29T12:31:45Z",
"published": "2025-01-23T18:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55925"
},
{
"type": "WEB",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-Workplace-Suite%C2%AE.pdf"
},
{
"type": "WEB",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-55FF-CRW4-233H
Vulnerability from github – Published: 2024-05-17 09:31 – Updated: 2026-04-01 18:31Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.3.2.
{
"affected": [],
"aliases": [
"CVE-2024-21746"
],
"database_specific": {
"cwe_ids": [
"CWE-290"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T09:15:20Z",
"severity": "MODERATE"
},
"details": "Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.3.2.",
"id": "GHSA-55ff-crw4-233h",
"modified": "2026-04-01T18:31:46Z",
"published": "2024-05-17T09:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21746"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-ultimate-review/vulnerability/wordpress-wp-ultimate-review-plugin-2-2-5-ip-limit-bypass-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-ip-limit-bypass-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-55H8-8G96-X4HJ
Vulnerability from github – Published: 2026-03-24 21:50 – Updated: 2026-03-27 22:10Background
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
The nats-server allows hub/spoke topologies using "leafnode" connections by other nats-servers. NATS messages can have headers.
Problem Description
The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NATS clients could make their own decisions on how to trust a message, provided that they trust the nats-server as a broker.
A leafnode connecting to a nats-server is not fully trusted unless the system account is bridged too. Thus identity claims should not have propagated unchecked.
Thus NATS clients relying upon the Nats-Request-Info: header could be spoofed.
Does not directly affect the nats-server itself, but the CVSS Confidentiality and Integrity scores are based upon what a hypothetical client might choose to do with this NATS header.
Affected Versions
Any version before v2.12.6 or v2.11.15
Workarounds
None.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/nats-io/nats-server/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/nats-io/nats-server/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.12.0-RC.1"
},
{
"fixed": "2.12.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/nats-io/nats-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33246"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-290"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-24T21:50:25Z",
"nvd_published_at": "2026-03-25T20:16:33Z",
"severity": "MODERATE"
},
"details": "### Background\n\nNATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.\n\nThe nats-server allows hub/spoke topologies using \"leafnode\" connections by other nats-servers. NATS messages can have headers.\n\n### Problem Description\n\nThe nats-server offers a `Nats-Request-Info:` message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NATS clients could make their own decisions on how to trust a message, provided that they trust the nats-server as a broker.\n\nA leafnode connecting to a nats-server is not fully trusted unless the system account is bridged too. Thus identity claims should not have propagated unchecked.\n\nThus NATS clients relying upon the Nats-Request-Info: header could be spoofed.\n\nDoes not directly affect the nats-server itself, but the CVSS Confidentiality and Integrity scores are based upon what a hypothetical client might choose to do with this NATS header.\n\n### Affected Versions\n\nAny version before v2.12.6 or v2.11.15\n\n### Workarounds\n\nNone.",
"id": "GHSA-55h8-8g96-x4hj",
"modified": "2026-03-27T22:10:07Z",
"published": "2026-03-24T21:50:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-55h8-8g96-x4hj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33246"
},
{
"type": "WEB",
"url": "https://advisories.nats.io/CVE/secnote-2026-08.txt"
},
{
"type": "PACKAGE",
"url": "https://github.com/nats-io/nats-server"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers"
}
GHSA-5773-H955-5W49
Vulnerability from github – Published: 2025-12-10 12:31 – Updated: 2025-12-10 12:31Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method.
Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data received, allowing an attacker with access to the local machine or internal network to impersonate the legitimate WebSocket and inject manipulated information.
Exploiting this vulnerability could allow an attacker to authenticate as any user in the domain, without the need for valid credentials, compromising the confidentiality, integrity, and availability of the application and its data.
{
"affected": [],
"aliases": [
"CVE-2025-13953"
],
"database_specific": {
"cwe_ids": [
"CWE-290"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-10T12:16:20Z",
"severity": "CRITICAL"
},
"details": "Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method.\n\nAuthentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data received, allowing an attacker with access to the local machine or internal network to impersonate the legitimate WebSocket and inject manipulated information.\n\nExploiting this vulnerability could allow an attacker to authenticate as any user in the domain, without the need for valid credentials, compromising the confidentiality, integrity, and availability of the application and its data.",
"id": "GHSA-5773-h955-5w49",
"modified": "2025-12-10T12:31:27Z",
"published": "2025-12-10T12:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13953"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/bypass-authentication-method-gtt-sistema-de-informacion-tributario"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-57Q4-CGQR-6CW7
Vulnerability from github – Published: 2025-02-21 15:32 – Updated: 2025-02-21 21:32Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.
{
"affected": [],
"aliases": [
"CVE-2020-6158"
],
"database_specific": {
"cwe_ids": [
"CWE-290"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-21T14:15:29Z",
"severity": "MODERATE"
},
"details": "Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.",
"id": "GHSA-57q4-cgqr-6cw7",
"modified": "2025-02-21T21:32:07Z",
"published": "2025-02-21T15:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6158"
},
{
"type": "WEB",
"url": "https://security.opera.com/en/address-bar-spoofing-in-opera-mini-for-android-opera-security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-57V8-Q85X-PWX6
Vulnerability from github – Published: 2026-05-19 15:31 – Updated: 2026-05-19 18:32Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151.
{
"affected": [],
"aliases": [
"CVE-2026-8960"
],
"database_specific": {
"cwe_ids": [
"CWE-290"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-19T14:16:52Z",
"severity": "HIGH"
},
"details": "Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151.",
"id": "GHSA-57v8-q85x-pwx6",
"modified": "2026-05-19T18:32:09Z",
"published": "2026-05-19T15:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8960"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940116"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-46"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-50"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-58M3-63QV-6G2G
Vulnerability from github – Published: 2023-03-28 00:34 – Updated: 2025-02-24 21:31The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.
{
"affected": [],
"aliases": [
"CVE-2022-48349"
],
"database_specific": {
"cwe_ids": [
"CWE-290"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-27T22:15:00Z",
"severity": "CRITICAL"
},
"details": "The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.",
"id": "GHSA-58m3-63qv-6g2g",
"modified": "2025-02-24T21:31:43Z",
"published": "2023-03-28T00:34:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48349"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/3"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-21: Exploitation of Trusted Identifiers
An adversary guesses, obtains, or "rides" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-461: Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
An adversary utilizes a hash function extension/padding weakness, to modify the parameters passed to the web service requesting authentication by generating their own call in order to generate a legitimate signature hash (as described in the notes), without knowledge of the secret token sometimes provided by the web service.
CAPEC-473: Signature Spoof
An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
CAPEC-476: Signature Spoofing by Misrepresentation
An attacker exploits a weakness in the parsing or display code of the recipient software to generate a data blob containing a supposedly valid signature, but the signer's identity is falsely represented, which can lead to the attacker manipulating the recipient software or its victim user to perform compromising actions.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
CAPEC-60: Reusing Session IDs (aka Session Replay)
This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
CAPEC-667: Bluetooth Impersonation AttackS (BIAS)
An adversary disguises the MAC address of their Bluetooth enabled device to one for which there exists an active and trusted connection and authenticates successfully. The adversary can then perform malicious actions on the target Bluetooth device depending on the target’s capabilities.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.