
CWE-290 (Authentication Bypass by Spoofing) — Vulnerability Class 245

245 vulnerabilities classified as CWE-290 (Authentication Bypass by Spoofing). AI Chinese analysis included.

CWE-290 represents a critical authentication weakness where systems fail to properly validate the origin of identity claims, allowing attackers to bypass security controls through spoofing. This vulnerability typically arises when authentication mechanisms rely on easily forged data, such as IP addresses or HTTP headers, without implementing robust verification. Attackers exploit this by presenting forged identity data (a spoofed source address, a client-controlled header) that the system accepts as proof of who they are, thereby gaining unauthorized access to sensitive resources or administrative functions. To mitigate this risk, developers must implement multi-factor authentication and ensure that identity verification relies on cryptographically secure tokens rather than easily spoofable network identifiers. Additionally, rigorous input validation and strict adherence to secure authentication protocols, such as OAuth or OpenID Connect, help prevent attackers from impersonating valid entities, ensuring that only genuinely authenticated users can access protected systems.

MITRE CWE Description
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Common Consequences (1)
Scope: Access Control
Impact: Bypass Protection Mechanism; Gain Privileges or Assume Identity
This weakness can allow an attacker to access resources which are not otherwise accessible without proper authentication.
Examples (2)
The following code authenticates users.

    String sourceIP = request.getRemoteAddr();
    // Trust is granted on the source address alone, which an attacker can spoof
    if (sourceIP != null && sourceIP.equals(APPROVED_IP)) {
        authenticated = true;
    }

Bad · Java
Both of these examples check if a request is from a trusted address before responding to the request.

    #include <string.h>
    #include <arpa/inet.h>
    #include <sys/socket.h>

    #define MAX_MSG 1024
    const char *getTrustedAddress(void);

    int sd, n;
    struct sockaddr_in serv, cli;
    socklen_t clilen;
    char msg[MAX_MSG];

    sd = socket(AF_INET, SOCK_DGRAM, 0);
    memset(&serv, 0, sizeof(serv));
    serv.sin_family = AF_INET;
    serv.sin_addr.s_addr = htonl(INADDR_ANY);
    serv.sin_port = htons(1008);
    bind(sd, (struct sockaddr *) &serv, sizeof(serv));
    while (1) {
        memset(msg, 0x0, MAX_MSG);
        clilen = sizeof(cli);
        /* the sender's address is only known once the datagram has been received */
        n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &cli, &clilen);
        /* the only check is the source address, which the sender can forge */
        if (n > 0 && strcmp(inet_ntoa(cli.sin_addr), getTrustedAddress()) == 0) {
            /* handle msg as if it came from the trusted peer */
        }
    }

Bad · C

    while (true) {
        DatagramPacket rp = new DatagramPacket(rData, rData.length);
        outSock.receive(rp);
        String in = new String(rp.getData(), 0, rp.getLength());
        // Source address comes from the packet header and can be forged
        InetAddress clientIPAddress = rp.getAddress();
        int port = rp.getPort();
        if (isTrustedAddress(clientIPAddress) && secretKey.equals(in)) {
            out = secret.getBytes();
            DatagramPacket sp = new DatagramPacket(out, out.length, clientIPAddress, port);
            outSock.send(sp);
        }
    }

Bad · Java
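As an added illustration (not MITRE's or this page's own code), the trust-by-source-address pattern of the examples above rewritten in Python beside a hardened form that follows the mitigation stated earlier: identity is bound to a server-issued HMAC token and the network address plays no part in the decision. The Request class, TRUSTED_IP, SERVER_KEY and the token format are constructed for the demonstration; the token scheme deliberately omits expiry and revocation, which a production design would add.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed values for the demonstration; a real deployment loads the key from a secret store.
TRUSTED_IP = "10.0.0.5"
SERVER_KEY = b"constructed-server-secret"


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: the peer address and the headers it sent."""
    remote_addr: str
    headers: Dict[str, str] = field(default_factory=dict)


# --- Vulnerable pattern (CWE-290): trust derived from spoofable network data ---
def is_authenticated_by_ip(req: Request) -> bool:
    """Mirrors the Java example: the caller is trusted solely because of where it
    appears to come from. Honouring X-Forwarded-For makes this worse, since any
    client can set that header unless a trusted proxy strips and rewrites it."""
    claimed_ip = req.headers.get("X-Forwarded-For", req.remote_addr)
    return claimed_ip == TRUSTED_IP


# --- Hardened pattern: identity bound to a server-issued keyed token ---
def issue_token(user: str) -> str:
    """Bind the user name to an HMAC-SHA256 tag under the server key
    (simplified: no expiry or nonce)."""
    tag = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{tag}"


def authenticate_by_token(req: Request) -> Optional[str]:
    """Return the user name if the bearer token carries a valid tag, else None.
    The peer address and any forwarded headers are ignored on purpose."""
    auth = req.headers.get("Authorization", "")
    prefix = "Bearer "
    if not auth.startswith(prefix):
        return None
    user, sep, tag = auth[len(prefix):].rpartition(":")
    if not sep or not user:
        return None
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag cannot be recovered byte by byte
    if not hmac.compare_digest(expected, tag):
        return None
    return user


if __name__ == "__main__":
    spoofed = Request("198.51.100.7", {"X-Forwarded-For": TRUSTED_IP})
    print("IP check accepts spoofed header:", is_authenticated_by_ip(spoofed))
    good = Request("198.51.100.7", {"Authorization": "Bearer " + issue_token("alice")})
    print("token check:", authenticate_by_token(good))
```

The first function accepts a request from an arbitrary address as soon as it carries a header naming the trusted IP, which is the whole of CWE-290 in one line; the second accepts only a tag that the server itself computed, so neither the peer address nor a header the client invents can substitute for possession of the key.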
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-47923 | OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie | opencart | 9.8 | Critical | 2026-05-10 |
| CVE-2026-42354 | Sentry: Improper authentication on SAML SSO process allows user identity linking | sentry | 9.1 | Critical | 2026-05-08 |
| CVE-2026-44118 | OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header | OpenClaw | 7.8 | High | 2026-05-06 |
| CVE-2026-39858 | Traefik: Forwarded alias spoofing top pre-auth decision bypass | traefik | 9.8 | - | 2026-04-30 |
| CVE-2018-25318 | Tenda FH303/A300 V5.07.68_EN Cookie Session Weakness DNS Change | FH303/A300 | 9.8 | Critical | 2026-04-29 |
| CVE-2018-25317 | Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness DNS Change | W3002R | 9.8 | Critical | 2026-04-29 |
| CVE-2018-25316 | Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change | W | 9.8 | Critical | 2026-04-29 |
| CVE-2026-7422 | MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing | FreeRTOS-Plus-TCP | 6.5 | Medium | 2026-04-29 |
| CVE-2026-25660 | Authentication bypass for certain API calls | CodeChecker | 9.8 | Critical | 2026-04-24 |
| CVE-2026-40575 | OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing | oauth2-proxy | 9.1 | Critical | 2026-04-21 |
| CVE-2026-22734 | Cloud Foundry UAA SAML 2.0 Signature Bypass | UUA | 8.6 | High | 2026-04-16 |
| CVE-2026-34457 | OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode | oauth2-proxy | 9.1 | Critical | 2026-04-14 |
| CVE-2026-35656 | OpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limiter | OpenClaw | 6.5 | Medium | 2026-04-10 |
| CVE-2026-35622 | OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook | OpenClaw | 5.9 | Medium | 2026-04-09 |
| CVE-2026-3902 | ASGI header spoofing via underscore/hyphen conflation | Django | 5.3 | Medium | 2026-04-07 |
| CVE-2026-34778 | Electron: Service worker can spoof executeJavaScript IPC replies | electron | 5.9 | Medium | 2026-04-03 |
| CVE-2026-33433 | Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField | traefik | 8.1 | - | 2026-03-27 |
| CVE-2026-33661 | WeChat Pay callback signature verification bypassed when Host header is localhost | pay | 8.6 | High | 2026-03-26 |
| CVE-2026-33621 | PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token | pinchtab | 4.8 | Medium | 2026-03-26 |
| CVE-2026-30975 | Sonarr Authentication Bypass vulnerability | Sonarr | 8.1 | High | 2026-03-25 |
| CVE-2026-33223 | NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing | nats-server | 6.4 | Medium | 2026-03-25 |
| CVE-2026-32492 | WordPress My Tickets plugin <= 2.1.1 - Bypass Vulnerability vulnerability | My Tickets | 5.3 | Medium | 2026-03-25 |
| CVE-2026-24372 | WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability | Subscriptions for WooCommerce | 7.5 | High | 2026-03-25 |
| CVE-2026-32045 | OpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale Auth | OpenClaw | 5.9 | Medium | 2026-03-21 |
| CVE-2026-32666 | Automated Logic WebCTRL Premium Server Authentication Bypass by Spoofing | WebCTRL Premium Server | 7.5 | High | 2026-03-20 |
| CVE-2026-33131 | h3 has a middleware bypass with one gadget | h3 | 7.4 | High | 2026-03-20 |
| CVE-2026-32014 | OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields | OpenClaw | 8.0 | High | 2026-03-19 |
| CVE-2026-27478 | Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation | unitycatalog | 9.1 | Critical | 2026-03-11 |
| CVE-2026-31889 | Shopware has a potential take over of app credentials | core | 8.9 | High | 2026-03-11 |
| CVE-2026-31813 | Supabase Auth has insecure Apple and Azure authentication with ID tokens | auth | 4.8 | Medium | 2026-03-11 |

Vulnerabilities classified as CWE-290 (Authentication Bypass by Spoofing) represent 245 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.