
CAPEC-485: Signature Spoofing by Key Recreation

Abstraction: Detailed
Status: Draft
Likelihood: Low
Severity: High

Description

An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Related weaknesses · 1

CWE-330

MITRE ATT&CK crosswalk · 1

T1552.004: Unsecure Credentials: Private Keys

Related attack patterns · 1

CAPEC-473 (ChildOf)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Use of Insufficiently Random Values (cwe-330) | 100% | live

Related to · 1

Type | Target | Confidence | Tier
SubTechnique | Private Keys (t1552.004) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Signature Spoofing by Key Theft
CAPEC: Signature Spoofing by Improper Validation
CAPEC: Signature Spoofing by Misrepresentation
CAPEC: Signature Spoof
CAPEC: Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC: Creating a Rogue Certification Authority Certificate

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.