CAPEC-476 Detail

Signature Spoofing by Misrepresentation

Detailed Software Likelihood: Low Typical Severity: High

Parents: 473

Threats: T59 T263 T271 T292 T307

Description

An attacker exploits a weakness in the parsing or display code of the recipient software to generate a data blob containing a supposedly valid signature, but the signer's identity is falsely represented, which can lead to the attacker manipulating the recipient software or its victim user to perform compromising actions.

Not present

External ID Source Link Description
CAPEC-476 capec https://capec.mitre.org/data/definitions/476.html
CWE-290 cwe http://cwe.mitre.org/data/definitions/290.html
REF-414 reference_from_CAPEC Eric Johanson, The state of homograph attacks, 2005-02-11, http://www.shmoo.com/idn/homograph.txt

Not present

  1. Recipient is using signature verification software that does not clearly indicate potential homographs in the signer identity.
  2. Recipient is using signature verification software that contains a parsing vulnerability, or allows control characters in the signer identity field, such that a signature is mistakenly displayed as valid and from a known or authoritative signer.
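A verifier can close both prerequisites by auditing the signer identity string before it is shown next to a "valid signature" result. The sketch below is an added example, not part of the CAPEC entry: the function names and sample identities are constructed, and script detection by Unicode character name is an approximation rather than a full confusables check.

```python
import unicodedata

def letter_scripts(identity: str) -> set[str]:
    """Approximate each letter's script by the first word of its Unicode name."""
    scripts = set()
    for ch in identity:
        if unicodedata.category(ch).startswith("L"):
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def audit_signer_identity(identity: str) -> list[str]:
    """Return the reasons a signer identity should not be displayed verbatim."""
    findings = []
    # Cc = control characters (newline, escape), Cf = format characters
    # (bidirectional overrides, zero-width joiners) that can reorder or hide text.
    hidden = [ch for ch in identity if unicodedata.category(ch) in ("Cc", "Cf")]
    if hidden:
        codes = ",".join(f"U+{ord(ch):04X}" for ch in hidden)
        findings.append(f"control-or-format-chars: {codes}")
    # Letters from more than one script in one identity suggest a homograph.
    scripts = letter_scripts(identity)
    if len(scripts) > 1:
        findings.append("mixed-scripts: " + ",".join(sorted(scripts)))
    # Compatibility forms (fullwidth letters, ligatures) render like plain text.
    if unicodedata.normalize("NFKC", identity) != identity:
        findings.append("not-nfkc-normalized")
    return findings

def display_name(identity: str) -> str:
    """Show clean identities as-is; make every suspicious code point visible."""
    if not audit_signer_identity(identity):
        return identity
    escaped = "".join(
        ch if " " <= ch <= "~" else f"[U+{ord(ch):04X}]" for ch in identity
    )
    return f"UNTRUSTED DISPLAY NAME: {escaped}"

if __name__ == "__main__":
    samples = [  # constructed sample identities
        "Example Corp <release@example.com>",
        "Ex\u0430mple Corp <release@example.com>",   # Cyrillic "a" homograph
        "Example Corp\u202e <release@example.com>",  # right-to-left override
        "Example Corp\nGood signature from Trusted CA",  # injected line
    ]
    for s in samples:
        print(audit_signer_identity(s), "->", display_name(s))
```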

Not present

High
Attacker may be required to create malformed data blobs and know how to insert them in a location that the recipient will visit.

Not present

Not present