Detailedlikelihood: Lowseverity: HighDraft

CAPEC-476Signature Spoofing by Misrepresentation

Abstraction
Detailed
Status
Draft
Likelihood
Low
Severity
High

Description

An attacker exploits a weakness in the parsing or display code of the recipient software to generate a data blob containing a supposedly valid signature, but the signer's identity is falsely represented, which can lead to the attacker manipulating the recipient software or its victim user to perform compromising actions.

Related weaknesses· 1

CWE-290

Related attack patterns· 1

CAPEC-473 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessAuthentication Bypass by Spoofingcwe-290100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Signature Spoofing by Improper Validation
CAPEC
Signature Spoofing by Key Recreation
CAPEC
Signature Spoof
CAPEC
Signature Spoofing by Key Theft
CAPEC
Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC
Developer Signing Maliciously Altered Software
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.