Detailedlikelihood: Mediumseverity: HighDraft

CAPEC-474Signature Spoofing by Key Theft

Abstraction
Detailed
Status
Draft
Likelihood
Medium
Severity
High

Description

An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker. Metadata: detailed CAPEC pattern, status draft, likelihood medium, severity high. Underlying weakness: CWE-522. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Object].

Related weaknesses· 1

CWE-522

MITRE ATT&CK crosswalk· 1

T1552.004: Unsecured Credentials: Private Keys

Related attack patterns· 1

CAPEC-473 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessInsufficiently Protected Credentialscwe-522100%live

Related to1

TypeTargetConfidenceTier
SubTechniquePrivate Keyst1552.004100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Signature Spoofing by Key Recreation
CAPEC
Signature Spoofing by Improper Validation
CAPEC
Signature Spoof
CAPEC
Signature Spoofing by Misrepresentation
CAPEC
Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC
Developer Signing Maliciously Altered Software
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.