Cyber Resilience

CWE · MITRE source

CWE-290: Authentication Bypass by Spoofing

Abstraction: Base · CVEs in our corpus: 600

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 27 mapping(s) from 7 framework(s): ATT&CK 10 (mostly) · CAPEC 10 (partial) · ASVS 5.0 3 (mostly) · OWASP-Web 1 (full) · STIG oracle linux 8 1 (mostly) · STIG rhel 7 1 (mostly) · STIG rhel 8 1 (mostly)


OWASP Top 10 for Web (2025)

This weakness contributes to A07:2025 Authentication Failures.

NIST 800-53 r5 controls that address this weakness (11) · AI

Showing the 8 most specific first. Generic controls that address many weakness types are listed separately below.

Control · Title · Family · Why it addresses this CWE
SC-11 · Trusted Path · SC · An isolated trusted path ensures the user interacts only with genuine system components, preventing spoofing of authentication interfaces or prompts.
SC-20 · Secure Name/Address Resolution Service (Authoritative Source) · SC · Directly counters DNS response spoofing by requiring cryptographic origin authentication artifacts from the authoritative source.
SC-21 · Secure Name/Address Resolution Service (Recursive or Caching Resolver) · SC · Directly counters DNS response spoofing by requiring cryptographic origin authentication before trusting resolved names/addresses.
IA-12 · Identity Proofing · IA · Requiring verifiable identity evidence at appropriate assurance levels makes it substantially harder for attackers to spoof or impersonate users in order to obtain accounts.
IA-3 · Device Identification and Authentication · IA · Unique device authentication makes successful spoofing of device identity substantially more difficult.
IA-8 · Identification and Authentication (Non-organizational Users) · IA · Unique identification of non-organizational users reduces the feasibility of authentication bypass by spoofing.
AC-9 · Previous Logon Notification · AC · Reveals spoofed logon attempts through unexpected previous-logon timestamps shown at legitimate login.
AT-2 · Literacy Training and Awareness · AT · Training specifically addresses recognizing spoofed communications and phishing that enable authentication bypass.

3 more broadly-applicable controls:
SC-23 · Session Authenticity · SC · Requires cryptographic or protocol-level verification that blocks spoofed session establishment or continuation.
SC-40 · Wireless Link Protection · SC · Signal-parameter protections (e.g., cryptographic authentication, anti-spoofing) directly counter spoofing-based authentication bypass.
IA-9 · Service Identification and Authentication · IA · Unique identification and authentication of services before communications makes spoofing of service identities substantially harder.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk: a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, including XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE · Risk · CVSS · EPSS · Published
CVE-2022-23131 · 10.0 (KEV) · 9.1 · 0.9568 · 2022-01-13
CVE-2022-24112 · 10.0 (KEV) · 9.8 · 0.9618 · 2022-02-11
CVE-2023-50224 · 10.0 (KEV) · 6.5 · 0.1745 · 2024-05-03
CVE-2024-4358 · 10.0 (KEV) · 9.8 · 0.9748 · 2024-05-29
CVE-2024-54085 · 10.0 (KEV) · 9.8 · 0.6120 · 2025-03-11
CVE-2019-1234 · 8.0 · 7.5 · 0.5794 · 2019-11-12
CVE-2021-29441 · 8.0 · 8.6 · 0.7424 · 2021-04-27
CVE-2021-31195 · 8.0 · 6.5 · 0.7368 · 2021-05-11
CVE-2020-7388 · 8.0 · 10.0 · 0.7027 · 2021-07-22
CVE-2021-34646 · 8.0 · 9.8 · 0.5087 · 2021-08-30
CVE-2009-1048 · 7.0 · 9.8 · 0.0637 · 2009-08-14
CVE-2017-14003 · 7.0 · 9.8 · 0.0260 · 2017-10-11
CVE-2017-14375 · 7.0 · 9.8 · 0.0477 · 2017-11-01
CVE-2017-14487 · 7.0 · 9.1 · 0.0116 · 2017-12-01
CVE-2018-15715 · 7.0 · 9.8 · 0.0349 · 2018-11-30
CVE-2018-7842 · 7.0 · 9.8 · 0.3504 · 2019-05-22
CVE-2019-16378 · 7.0 · 9.8 · 0.0246 · 2019-09-17
CVE-2019-18259 · 7.0 · 9.8 · 0.0211 · 2019-12-16
CVE-2019-16871 · 7.0 · 9.8 · 0.0530 · 2019-12-19
CVE-2019-12131 · 7.0 · 9.1 · 0.0118 · 2020-03-18
CVE-2019-20790 · 7.0 · 9.8 · 0.0266 · 2020-04-27
CVE-2020-5415 · 7.0 · 10.0 · 0.0122 · 2020-08-12
CVE-2018-5353 · 7.0 · 9.8 · 0.0810 · 2020-09-30
CVE-2020-26276 · 7.0 · 10.0 · 0.0217 · 2020-12-17
CVE-2020-22001 · 7.0 · 9.8 · 0.0341 · 2021-04-27