CWE-290 | This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
CWE-291 | The software uses an IP address for authentication.
CWE-292 | This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.
CWE-293 | The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.
CWE-294 | A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
CWE-295 | The software does not validate, or incorrectly validates, a certificate.
CWE-296 | The software does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate.
CWE-297 | The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
CWE-298 | A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age.
CWE-299 | The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.