CWE-291

• CWE ID
• 291

• CWE Name
• Reliance on IP Address for Authentication

• CWE Abstraction
• Variant

• CWE structure
• Simple

• CWE Status
• Incomplete

The software uses an IP address for authentication.

IP addresses can be easily spoofed. Attackers can forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machin