Standardseverity: MediumStable

CAPEC-194Fake the Source of Data

Abstraction
Standard
Status
Stable
Severity
Medium

Description

An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

Related weaknesses· 1

CWE-287

Related attack patterns· 3

CAPEC-151 (ChildOf)CAPEC-657 (CanPrecede)CAPEC-667 (CanPrecede)

Exploits1

TypeTargetConfidenceTier
WeaknessImproper Authenticationcwe-287100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Identity Spoofing
CAPEC
Principal Spoof
CAPEC
Content Spoofing
CAPEC
Session Credential Falsification through Forging
CAPEC
Pretexting
CAPEC
Signature Spoofing by Misrepresentation
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.