CAPEC-473 Detail
Signature Spoof
Standard Software
Parents: 151
Children: 459 474 475 476 477 479 485
Threats: T59 T263 T271 T292 T307
An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-473 | capec | https://capec.mitre.org/data/definitions/473.html | |
| CWE-20 | cwe | http://cwe.mitre.org/data/definitions/20.html | |
| CWE-327 | cwe | http://cwe.mitre.org/data/definitions/327.html | |
| CWE-290 | cwe | http://cwe.mitre.org/data/definitions/290.html | |
| T1036.001 | ATTACK | https://attack.mitre.org/wiki/Technique/T1036/001 | Masquerading: Invalid Code Signature |
| T1553.002 | ATTACK | https://attack.mitre.org/wiki/Technique/T1553/002 | Subvert Trust Controls: Code Signing |
- The victim or victim system is dependent upon a cryptographic signature-based verification system for validation of one or more security events or actions.
- The validation can be bypassed via an attacker-provided signature that makes it appear that the legitimate authoritative or reputable source provided the signature.
| High |
|---|
| Technical understanding of how signature verification algorithms work with data and applications |
| Access Control | Authentication |
|---|---|
| Gain Privileges | Gain Privileges |
- An attacker provides a victim with a malicious executable disguised as a legitimate executable from an established software by signing the executable with a forged cryptographic key. The victim's operating system attempts to verify the executable by checking the signature, the signature is considered valid, and the attacker's malicious executable runs.
- An attacker exploits weaknesses in a cryptographic algorithm that allow a private key for a legitimate software vendor to be reconstructed; attacker-created malicious software is cryptographically signed with the reconstructed key and is installed by the victim operating system disguised as a legitimate software update from the software vendor.