Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CWE-290

BaseIncomplete

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

224 linked vulnerabilities

2 related weaknesses

Access Control

Bypass Protection Mechanism

Gain Privileges or Assume Identity

This weakness can allow an attacker to access resources which are not otherwise accessible without proper authentication.

Modes of Introduction

Implementation

Architecture and Design

Related Weaknesses

CWE-1390ChildOf CWE-287ChildOf

Example CVEs (2)

CVE-2022-30319

S-bus functionality in a home automation product performs access control using an IP allowlist, which can be bypassed by a forged IP address.

CVE-2009-1048

VOIP product allows authentication bypass using 127.0.0.1 in the Host header.

External Links

MITRE CWE Database

CWE-290: Authentication Bypass by Spoofing | Mondoo Vulnerability Intelligence