This includes feigning identities (user, application, process etc.). An attacker may forge Messages from a Client or a Server or a Publisher where the messages are forged to attempt to appear to be from an application other that the sending application or process. Spoofing may occur at multiple layers in the protocol stack.

By spoofing Messages from a Client, a Server or Publisher, attackers may perform unauthorized operations and avoid detection of their activities.

Message spoofing impacts Integrity and Authorization.

See 5.1.4 for the reconciliation of this threat.