Detailedlikelihood: Lowseverity: HighDraft

CAPEC-475Signature Spoofing by Improper Validation

Abstraction
Detailed
Status
Draft
Likelihood
Low
Severity
High

Description

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key. Metadata: detailed CAPEC pattern, status draft, likelihood low, severity high. Underlying weaknesses: CWE-347, CWE-327, CWE-295. Related CAPEC patterns: [object Object], [object Object].

Related weaknesses· 3

CWE-347CWE-327CWE-295

Related attack patterns· 2

CAPEC-473 (ChildOf)CAPEC-542 (CanPrecede)

Exploits3

TypeTargetConfidenceTier
WeaknessImproper Verification of Cryptographic Signaturecwe-347100%live
WeaknessUse of a Broken or Risky Cryptographic Algorithmcwe-327100%live
WeaknessImproper Certificate Validationcwe-295100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Signature Spoofing by Key Theft
CAPEC
Signature Spoofing by Key Recreation
CAPEC
Signature Spoof
CAPEC
Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC
Signature Spoofing by Misrepresentation
CAPEC
Developer Signing Maliciously Altered Software
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.