VYPR

CWE-291

Reliance on IP Address for Authentication

VariantIncompleteLikelihood: High

Description

The product uses an IP address for authentication.

IP addresses can be easily spoofed. Attackers can forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-4

CVEs mapped to this weakness (3)

  • CVE-2026-4252CriMar 16, 2026
    risk 0.64cvss 9.8epss 0.01

    A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is…

  • CVE-2025-59101HigJan 26, 2026
    risk 0.50cvss epss 0.01

    Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other…

  • CVE-2026-3690HigApr 11, 2026
    risk 0.41cvss 7.4epss 0.01

    OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of…