CAPEC Details
Name Identity Spoofing
Likelyhood of attack Typical severity
Medium Medium
Summary Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
Prerequisites The identity associated with the message or resource must be removable or modifiable in an undetectable way.
Solutions Employ robust authentication processes (e.g., multi-factor authentication).
Related Weaknesses
CWE ID Description
CWE-287 Improper Authentication