CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content

Abstraction: Detailed
Status: Draft
Likelihood: Low
Severity: High

Description

An attacker exploits the underlying complexity of a data structure that allows both signed and unsigned content in order to cause unsigned data to be processed as though it were signed data. Metadata: detailed CAPEC pattern, status draft, likelihood low, severity high. Underlying weaknesses: CWE-693, CWE-311, CWE-319. Related CAPEC pattern: CAPEC-473 (ChildOf).

Related weaknesses · 3

CWE-693, CWE-311, CWE-319

Related attack patterns · 1

CAPEC-473 (ChildOf)

Exploits · 3

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Protection Mechanism Failure (cwe-693) | 100% | live |
| Weakness | Missing Encryption of Sensitive Data (cwe-311) | 100% | live |
| Weakness | Cleartext Transmission of Sensitive Information (cwe-319) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Signature Spoofing by Improper Validation
CAPEC: Signature Spoof
CAPEC: Signature Spoofing by Misrepresentation
CAPEC: Signature Spoofing by Key Theft
CAPEC: Signature Spoofing by Key Recreation
CAPEC: Developer Signing Maliciously Altered Software

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.