CAPEC-474: Signature Spoofing by Key Theft (Version 2.11)

Attack Pattern ID: 474
Abstraction: Detailed
Status: Draft
Completeness: Stub
+ Summary

An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

+ Attack Prerequisites
  • An authoritative or reputable signer is storing their private signature key with insufficient protection.

+ Typical Severity


+ Typical Likelihood of Exploit

Likelihood: Medium

+ Methods of Attack
  • Analysis
  • Spoofing
+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

Knowledge of common methods for locating and accessing sensitive data

Skill or Knowledge Level: High

Ability to compromise systems containing sensitive data

+ Solutions and Mitigations

Restrict access to private keys from non-supervisory accounts

Restrict access to administrative personnel and processes only

Ensure all remote methods are secured

Ensure all services are patched and up to date

+ References
Sigbjørn Vik. "Security breach stopped". http://my.opera.com/securitygroup/blog/2013/06/26/opera-infrastructure-attack. 2013-06-26.
Patrick Morley. "Bit9 and Our Customers’ Security". https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security/. 2013-02-08.
Brad Arkin. "Inappropriate Use of Adobe Code Signing Certificate". http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html. 2012-09-27.
+ Content History
CAPEC Content Team, The MITRE Corporation, 2014-06-23, Internal_CAPEC_Team

Page Last Updated or Reviewed: August 04, 2017