Description Summary

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Example 1

Here, an authentication mechanism implemented in Java relies on an IP address for source validation. If an attacker is able to spoof the IP, however, he may be able to bypass such an authentication mechanism.

(Bad Code) Java

    String sourceIP = request.getRemoteAddr();
    if (sourceIP != null && sourceIP.equals(APPROVED_IP)) {
        authenticated = true;
    }
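
Added example, not part of the original CWE entry: the address-only check from Example 1 beside a form that requires the caller to prove knowledge of a secret with an HMAC-SHA256 tag, keeping the source address only as a secondary restriction. The class and method names, the key, the address 192.0.2.10, the "timestamp\nbody" message layout and the 300-second freshness window are all assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration; all names and values here are assumptions, not from the CWE entry.
public class SourceAuthExample {
    static final String APPROVED_IP = "192.0.2.10";   // constructed (TEST-NET-1 range)
    static final byte[] SHARED_KEY =                    // constructed; load from a secret store in practice
            "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
    static final long MAX_SKEW_SECONDS = 300;           // assumed freshness window

    // Weak: same logic as the page's Bad Code. The address is the only evidence of identity.
    static boolean authenticateByIp(String sourceIP) {
        return sourceIP != null && sourceIP.equals(APPROVED_IP);
    }

    // HMAC-SHA256 over "timestamp\nbody" computed with the shared key.
    static byte[] tagFor(long timestamp, String body) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SHARED_KEY, "HmacSHA256"));
        return mac.doFinal((timestamp + "\n" + body).getBytes(StandardCharsets.UTF_8));
    }

    // Hardened: the request must carry a fresh, valid tag; the address check alone never authenticates.
    static boolean authenticateByTag(String sourceIP, String body, long timestamp,
                                     byte[] tag, long now) throws Exception {
        if (tag == null || Math.abs(now - timestamp) > MAX_SKEW_SECONDS) {
            return false;                               // missing tag or stale request
        }
        // MessageDigest.isEqual compares in constant time, so timing does not leak tag bytes.
        boolean tagOk = MessageDigest.isEqual(tagFor(timestamp, body), tag);
        return tagOk && authenticateByIp(sourceIP);
    }

    public static void main(String[] args) throws Exception {
        long now = 1_700_000_000L;                      // constructed clock value
        String body = "action=status";                  // constructed request body
        byte[] validTag = tagFor(now, body);
        // A request that only claims the approved address and carries no valid tag:
        System.out.println("ip-only check:  " + authenticateByIp(APPROVED_IP));
        System.out.println("tag check:      " + authenticateByTag(APPROVED_IP, body, now, new byte[32], now));
        // A request from the approved address that also carries a valid tag:
        System.out.println("tag check (ok): " + authenticateByTag(APPROVED_IP, body, now, validTag, now));
    }
}
```

The freshness window narrows replay of a captured request but does not remove it; a per-request nonce tracked by the server would be needed for that.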
Page Last Updated:
October 29, 2009
CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Contact cwe@mitre.org for more information.
