Home > CAPEC List > CAPEC-475: Signature Spoofing by Improper Validation (Version 2.10)  

CAPEC-475: Signature Spoofing by Improper Validation

 
Signature Spoofing by Improper Validation
Definition in a New Window Definition in a New Window
Attack Pattern ID: 475
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.

+ Attack Prerequisites
  • Recipient is using a weak cryptographic signature verification algorithm or a weak implementation of a cryptographic signature verification algorithm, or the configuration of the recipient's application accepts the use of keys generated using cryptographically weak signature verification algorithms.

+ Typical Severity

High

+ Typical Likelihood of Exploit

Likelihood: Low

+ Methods of Attack
  • Protocol Manipulation
  • Analysis
  • API Abuse
  • Brute Force
  • Spoofing
+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: High

Cryptanalysis of signature verification algorithm

Skill or Knowledge Level: High

Reverse engineering and cryptanalysis of signature verification algorithm implementation

+ Solutions and Mitigations

Use programs and products that contain cryptographic elements that have been thoroughly tested for flaws in the signature verification routines.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-05-01Updated Related_Attack_PatternsInternal
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017