| Name | Identity Spoofing |
| Likelihood of attack | Medium |
| Typical severity | Medium |
| Summary | Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principal or use stolen or spoofed authentication credentials. |
| Prerequisites | The identity associated with the message or resource must be removable or modifiable in an undetectable way. |
| Solutions | Employ robust authentication processes (e.g., multi-factor authentication). |
| Related Weaknesses |
| CWE ID | Description |
| CWE-287 | Improper Authentication |