CWE-291

Reliance on IP Address for Authentication

The product uses an IP address for authentication.

Mitigation

Phase: Architecture and Design

Description:

  • Use other means of identity verification that cannot be simply spoofed. Possibilities include a username/password or certificate.

CAPEC-4: Using Alternative IP Address Encodings

This attack relies on the adversary using unexpected formats for representing IP addresses. Networked applications may expect network location information in a specific format, such as fully qualified domain names (FQDNs), URLs, IP addresses, or IP address ranges. If the location information is not validated against a variety of different possible encodings and formats, the adversary can use an alternate format to bypass application access control.
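The following Python example (added here, not CWE or CAPEC content) shows why a string comparison against an address list is the weak check CAPEC-4 describes, and two defensive alternatives: canonicalising every inet_aton-style spelling to a dotted quad before comparing, or accepting only strict dotted-quad input. The denylist values are constructed for illustration.

```python
import ipaddress

# Constructed denylist of hosts the application must never contact (example values).
DENIED = {"127.0.0.1", "169.254.169.254"}

def _legacy_part(s: str) -> int:
    """Parse one component the way classic inet_aton does: 0x.. hex, 0.. octal, else decimal."""
    if not s or not s.isalnum():  # isalnum() also rejects signs and '_' that int() would accept
        raise ValueError("bad component")
    base = 16 if s[:2].lower() == "0x" else 8 if len(s) > 1 and s[0] == "0" else 10
    return int(s, base)

def canonical_ipv4(text: str) -> str:
    """Reduce any inet_aton-style spelling (1-4 components, hex/octal/decimal) to dotted-quad."""
    parts = [_legacy_part(p) for p in text.strip().split(".")]
    if len(parts) > 4:
        raise ValueError("too many components")
    value = 0
    for i, part in enumerate(parts):
        # The final component fills all remaining bytes, so "127.1" means 127.0.0.1.
        width = 8 * (4 - i) if i == len(parts) - 1 else 8
        if part >> width:
            raise ValueError("component out of range")
        value = (value << width) | part
    return str(ipaddress.IPv4Address(value))

def blocked_naive(host: str) -> bool:
    """Weak check: string comparison, so any alternate spelling of a denied address passes."""
    return host in DENIED

def blocked_canonical(host: str) -> bool:
    """Hardened check: canonicalise first; anything unparsable is refused as well."""
    try:
        return canonical_ipv4(host) in DENIED
    except ValueError:
        return True

def strict_ipv4(host: str) -> bool:
    """Stricter alternative: accept only plain dotted-quad; ipaddress rejects legacy spellings."""
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for spelling in ("127.0.0.1", "127.1", "0x7f.0.0.1", "2130706433", "0xA9FEA9FE"):
        print(f"{spelling:>12}: naive={blocked_naive(spelling)!s:5} "
              f"canonical={blocked_canonical(spelling)!s:5} strict_form={strict_ipv4(spelling)}")
```

Whichever variant is used, the check must run on the same canonical value that is later handed to the network layer, otherwise the two can disagree about which host is meant.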