Incorrect Description for Spoofing

[jmeddy]

The page https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats has an incorrect Description for Spoofing. It describes it as "Involves illegally accessing and then using another user's authentication information, such as username and password". This is incorrect as Spoofing is not always illegal (it could simply be unethical or against a TOS), does not require accessing another user's authentication information (it could be guessed or randomly generated), and does not require using another user's authentication information (it could be an elevation/escalation of privilege or a bypass). Please reword this description. As a comparison, the CompTIA definition of spoofing at https://www.comptia.org/content/articles/what-is-spoofing is a better definition, although there are other things that would make the Microsoft definition better and more correct.

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: b3a0afe3-d4f0-2ab0-d09c-dbcdff86c499
• Version Independent ID: 89e98ebb-1210-1e27-97b6-7c74dadfb13a
• Content: Threats - Microsoft Threat Modeling Tool - Azure
• Content Source: articles/security/develop/threat-modeling-tool-threats.md
• Service: information-protection
• Sub-service: aiplabels
• GitHub Login: @jegeib
• Microsoft Alias: rodsan

[Naveenommi-MSFT]

@jmeddy Thank you for bringing this to our attention. I've assigned this issue to the author who will investigate and update as appropriate.