CAPEC-476: Signature Spoofing by Misrepresentation (CAPEC List Version 2.10)

Attack Pattern ID: 476
Abstraction: Detailed
Status: Draft
Completeness: Stub
+ Summary

An attacker exploits a weakness in the parsing or display code of the recipient software to craft a data blob whose signature appears valid but whose signer identity is falsely represented. The misrepresented identity can lead the recipient software, or its victim user, to perform compromising actions at the attacker's direction.

+ Attack Prerequisites
  • Recipient is using signature verification software that does not clearly indicate potential homographs in the signer identity.
  • Recipient is using signature verification software that contains a parsing vulnerability, or allows control characters in the signer identity field, such that a signature is mistakenly displayed as valid and from a known or authoritative signer.

+ Typical Severity

High

+ Typical Likelihood of Exploit

Likelihood: Low

+ Methods of Attack
  • Protocol Manipulation
  • Spoofing
+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: High

Attacker needs to understand the layout and composition of data blobs used by the target application.

Skill or Knowledge Level: High

To discover a specific vulnerability, the attacker needs to reverse engineer the signature parsing, signature verification, and signer representation code.

Skill or Knowledge Level: High

The attacker may be required to create malformed data blobs and know how to insert them in a location that the recipient will visit.

+ Solutions and Mitigations

Ensure the application uses parsing and data display techniques that accurately render control characters and international symbols and markings, so that the recipient can recognize potential homograph attacks rather than seeing a misleading signer name.
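As an added illustration of this mitigation (example code written for this page, not part of CAPEC or of any signature verification product), the following Python routine inspects a signer identity string before it is displayed: control and format characters are replaced with visible escapes, letters drawn from more than one script are reported, and text that changes under NFKC normalization is flagged. The `script_of` heuristic, the `check_signer_identity` function, and the sample identities in the `__main__` block are this example's own assumptions and are not taken from the CAPEC entry.

```python
import unicodedata
from dataclasses import dataclass, field


@dataclass
class IdentityCheck:
    """Result of inspecting a signer identity string before it is displayed."""
    display: str                      # escaped form that is safe to render verbatim
    scripts: set = field(default_factory=set)
    warnings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.warnings)


def script_of(ch: str):
    """Approximate the script of a letter from its Unicode character name.

    Python's unicodedata exposes no Script property, so the first word of the
    name ("LATIN", "CYRILLIC", "GREEK", ...) is used instead. This heuristic
    (an assumption of this example) covers the common confusable pairs; a
    production check would use a library with real Script/confusable data.
    """
    if not ch.isalpha():
        return None
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:            # unassigned or unnamed code point
        return "UNKNOWN"


def check_signer_identity(identity: str) -> IdentityCheck:
    """Return a display-safe form of `identity` plus warnings about
    control/format characters, mixed scripts and non-normalized text."""
    result = IdentityCheck(display="")
    shown = []
    for ch in identity:
        cat = unicodedata.category(ch)
        # Cc = control (NUL, newline, ...), Cf = format (U+202E RIGHT-TO-LEFT
        # OVERRIDE, U+200B ZERO WIDTH SPACE, ...), Zl/Zp = line and paragraph
        # separators. Rendered as-is they can reorder or hide parts of the
        # name, so they are shown as visible \uXXXX escapes instead.
        if cat in ("Cc", "Cf", "Zl", "Zp"):
            shown.append(f"\\u{ord(ch):04X}")
            result.warnings.append(
                f"control/format character U+{ord(ch):04X} "
                f"({unicodedata.name(ch, 'unnamed')}) in signer identity")
        else:
            shown.append(ch)
        script = script_of(ch)
        if script:
            result.scripts.add(script)
    result.display = "".join(shown)

    # A single name rarely mixes alphabets; Latin text with a stray Cyrillic
    # or Greek letter is the classic homograph pattern.
    if len(result.scripts) > 1:
        result.warnings.append(
            "mixed scripts in signer identity: " + ", ".join(sorted(result.scripts)))

    # Compatibility characters (ligatures, fullwidth forms) fold to plain
    # letters under NFKC; if normalization changes the string, the glyphs
    # shown do not match the canonical identity that should be compared.
    if unicodedata.normalize("NFKC", identity) != identity:
        result.warnings.append(
            "signer identity is not NFKC-normalized (compatibility characters present)")
    return result


if __name__ == "__main__":
    # Constructed sample identities (not from the CAPEC entry): a benign name,
    # a Latin/Cyrillic homograph, a bidi override, and a ligature.
    for sample in ("Alice Example <alice@example.com>",
                   "Alic\u0435 Example",
                   "Alice\u202E Example",
                   "Of\ufb01ce Signer"):
        r = check_signer_identity(sample)
        print(f"{r.display!r:45} suspicious={r.suspicious} {r.warnings}")
```

The routine deliberately never rejects an identity on its own: it produces the escaped `display` string that the UI should render and a list of `warnings` that the verification software can surface beside the "valid signature" indicator, which is the point of the mitigation above. Whether a flagged identity is then treated as untrusted is a policy decision for the application.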

+ References
Eric Johanson. "The state of homograph attacks". http://www.shmoo.com/idn/homograph.txt. 2005-02-11.
+ Content History
Submissions
Submitter: CAPEC Content Team
Organization: The MITRE Corporation
Date: 2014-06-23
Source: Internal_CAPEC_Team
Page Last Updated or Reviewed: May 01, 2017