CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content (Version 2.11)

Attack Pattern ID: 477
Abstraction: Detailed
Status: Draft
Completeness: Stub
+ Summary

An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.

+ Attack Prerequisites
  • Signer and recipient are using complex data storage structures that allow for a mix of signed and unsigned data.

  • Recipient is using signature verification software that does not maintain separation between signed and unsigned data once the signature has been verified.

+ Typical Severity

High

+ Typical Likelihood of Exploit

Likelihood: Low

+ Methods of Attack
  • Protocol Manipulation
  • Analysis
  • API Abuse
  • Spoofing
+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: High

The attacker may need to continuously monitor a stream of signed data, waiting for an exploitable message to appear.

Skill or Knowledge Level: High

Attacker must be able to create malformed data blobs and know how to insert them in a location that the recipient will visit.

+ Solutions and Mitigations

Keep the application fully patched and ensure that it never processes unsigned data as though it were signed data: once a signature has been verified, the verified content must be kept separate from any unsigned content carried in the same structure.
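
The following is an added, constructed example (not part of the CAPEC entry) that shows the failure mode the summary and prerequisites describe, beside the separation the mitigation calls for. It assumes a container format with a signed part and an unsigned part; an HMAC stands in for a digital signature purely so that the code runs with the Python standard library, and the key, field names and values are constructed.

```python
import hashlib
import hmac
import json
from typing import Any

# Constructed shared key. A real deployment would use an asymmetric signature
# key pair; HMAC is used here only as a stand-in that needs no third-party library.
KEY = b"constructed-demo-key"


def _canonical(obj: Any) -> bytes:
    # Canonical JSON so that signer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_bundle(key: bytes, signed: dict, unsigned: dict) -> dict:
    """Build a container holding a signed part and an unsigned part
    (e.g. attachments or transport metadata the signer never covered)."""
    sig = hmac.new(key, _canonical(signed), hashlib.sha256).hexdigest()
    return {"signed": signed, "sig": sig, "unsigned": unsigned}


def signature_valid(key: bytes, bundle: dict) -> bool:
    """Recompute the tag over the signed part only and compare in constant time."""
    expected = hmac.new(key, _canonical(bundle["signed"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, bundle["sig"])


def process_vulnerable(key: bytes, bundle: dict) -> dict:
    """CAPEC-477 pattern: the signature is checked, but the verifier then flattens
    signed and unsigned parts into one record, so unsigned keys can shadow signed ones."""
    if not signature_valid(key, bundle):
        raise ValueError("bad signature")
    merged = dict(bundle["signed"])
    merged.update(bundle["unsigned"])  # unsigned data now inherits the signed trust
    return merged


def process_hardened(key: bytes, bundle: dict) -> tuple[dict, dict]:
    """Mitigation: keep the verified part separate; callers act on signed data only."""
    if not signature_valid(key, bundle):
        raise ValueError("bad signature")
    return dict(bundle["signed"]), dict(bundle["unsigned"])


def demo() -> tuple[int, int]:
    """Return the 'amount' each verifier reports for a bundle whose unsigned part
    was modified in transit (constructed scenario)."""
    bundle = sign_bundle(KEY, {"payee": "alice", "amount": 10}, {"note": "thanks"})
    # An intermediary that cannot forge the signature can still edit the unsigned section.
    modified = dict(bundle)
    modified["unsigned"] = {"note": "thanks", "amount": 10000}
    vulnerable_amount = process_vulnerable(KEY, modified)["amount"]
    signed_part, _unsigned_part = process_hardened(KEY, modified)
    return vulnerable_amount, signed_part["amount"]


if __name__ == "__main__":
    print(demo())  # (10000, 10): only the hardened verifier reports the signed value
```

Both verifiers accept the same bundle because the signature over the signed part is genuinely valid; the difference is entirely in what happens after verification, which is the second prerequisite listed above. A detection-oriented check in a verifier is to reject or log any bundle whose unsigned section repeats a key that also appears in the signed section.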

+ Content History
Submissions
Submitter: CAPEC Content Team
Organization: The MITRE Corporation
Date: 2014-06-23
Source: Internal_CAPEC_Team

Page Last Updated or Reviewed: July 31, 2017