Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

578 vulnerabilities with CWE-290

CVE-2021-21215 MEDIUM

Google Chrome < 90.0.4430.72 - Authentication Bypass by Spoofing via Autofill

CVE-2021-0232 HIGH

Juniper Paragon Active Assurance Control Center < 2.35.6 - Improper Access Control

CVE-2021-21492 MEDIUM

SAP NetWeaver Application Server Java - Content Spoofing via Logon Group URL Validation

CVE-2021-22890 LOW

curl/libcurl 7.63.0-7.75.0 - HTTPS Proxy MITM via TLS Session Tickets

CVE-2021-23984 MEDIUM

Firefox < 87.0 and Firefox ESR < 78.9 - Authentication Bypass by Spoofing via Popup Window

CVE-2021-21310 MEDIUM

next-auth < 3.3.0 - Authentication Bypass via Prisma Adapter Email Token Verification

CVE-2021-21134 MEDIUM

Google Chrome < 88.0.4324.96 - Security UI Spoofing via Page Info

CVE-2021-1677 MEDIUM

Azure Kubernetes Service - Authentication Bypass via Azure Active Directory Pod Identity Spoofing

CVE-2020-37056 CRITICAL

Crystal Shard http-protection 0.2.0 - SSRF

CVE-2020-6158 MEDIUM

Opera Mini for Android <52.2 - CSRF

CVE-2020-22660 HIGH

Ruckus APs and SmartZone Controllers - Secure Boot Bypass via Backup Image Fallback

CVE-2020-19003 MEDIUM

Gate One 1.2.0 - Authentication Bypass via Origin Verification Spoofing

CVE-2020-27970 MEDIUM

Yandex Browser < 20.10.0 - Address Bar Spoofing

CVE-2020-7388 CRITICAL

Sage X3 AdxAdmin < 93.2.53 - Unauthenticated Remote Command Execution via AdxDSrv.exe Authentication Bypass

CVE-2020-13529 MEDIUM

systemd - Denial of Service via DHCP FORCERENEW Packet Spoofing

CVE-2020-36128 HIGH

PAXSTORE < 7.0.8_20200511171508 - Authentication Bypass via X-Terminal-Token Spoofing

CVE-2020-22001 CRITICAL

HomeAutomation 3.3.2 - Authentication Bypass via X-Forwarded-For Header Spoofing

CVE-2020-17516 HIGH

Apache Cassandra <3.11.10 - Info Disclosure

CVE-2020-25686 LOW

dnsmasq < 2.83 - DNS Cache Poisoning via Birthday Attack

CVE-2020-27276 MEDIUM

SOOIL Developments Co Ltd DiabecareRS - Auth Bypass

CVE-2020-26276 CRITICAL

Fleet < 3.5.1 - SAML Authentication Bypass via XML Parsing Mutation

CVE-2020-28856 HIGH

OpenAsset Digital Asset Management <= 12.0.19 - Authentication Bypass via X-Forwarded-For IP Spoofing

CVE-2020-26254 HIGH

omniauth-apple <1.0.1 - Info Disclosure

CVE-2020-4864 MEDIUM

IBM Resilient SOAR V38.0 - Authentication Bypass by Spoofing via Spoofed Source IP Address

CVE-2020-24375 MEDIUM

Freebox Server < 4.2.3 - Authentication Bypass via DNS Rebinding

Previous Page 20 of 24 Next

Details

Vulnerabilities 578

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy