logo

Reliance on IP Address for Authentication

Incomplete Variant
Structure: Simple
Description

The product uses an IP address for authentication.

Extended Description

IP addresses can be easily spoofed. Attackers can forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication.
Common Consequences 1
Scope: Access ControlNon-Repudiation

Impact: Hide ActivitiesGain Privileges or Assume Identity

Malicious users can fake authentication information, impersonating any IP address.
Potential Mitigations 1
Phase: Architecture and Design
Use other means of identity verification that cannot be simply spoofed. Possibilities include a username/password or certificate.
Demonstrative Examples 1

ID : DX-99

Both of these examples check if a request is from a trusted address before responding to the request.

Code Example:

Bad
C
c

Code Example:

Bad
Java
java
The code only verifies the address as stored in the request packet. An attacker can spoof this address, thus impersonating a trusted client.
Observed Examples 1
CVE-2022-30319S-bus functionality in a home automation product performs access control using an IP allowlist, which can be bypassed by a forged IP address.
References 2
The CLASP Application Security Process
Secure Software, Inc.
2005
https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf(2024-11-17)
ID: REF-18
IP address spoofing
Wikipedia
07-04-2006
https://en.wikipedia.org/wiki/IP_address_spoofing(2023-10-21)
ID: REF-1371
Likelihood of Exploit

High

Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Related Attack Patterns
Related Weaknesses
ChildOf: Authentication Bypass by Spoofing (CWE-290)
ChildOf: Improper Restriction of Communication Channel to Intended Endpoints (CWE-923)
Taxonomy Mapping
  • CLASP