CAPEC-151 Identity Spoofing

CAPEC ID: 151

CAPEC-151 Metadata

Likelihood of Attack: Medium

Typical Severity: Medium

Overview

Summary

Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principal or use stolen or spoofed authentication credentials.

Prerequisites

The identity associated with the message or resource must be removable or modifiable in an undetectable way.

Potential Solutions / Mitigations

Employ robust authentication processes (e.g., multi-factor authentication).

Related Weaknesses (CWE)

CWE ID Description
CWE-287 Improper Authentication
