CAPEC-477 Detail
Signature Spoofing by Mixing Signed and Unsigned Content
Detailed Software Likelihood: Low Typical Severity: High
Parents: 473
Threats: T59 T263 T271 T292 T307
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content to cause unsigned data to be processed as though it were signed data.
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-477 | capec | https://capec.mitre.org/data/definitions/477.html | |
| CWE-693 | cwe | http://cwe.mitre.org/data/definitions/693.html | |
| CWE-311 | cwe | http://cwe.mitre.org/data/definitions/311.html | |
| CWE-319 | cwe | http://cwe.mitre.org/data/definitions/319.html | |
- Signer and recipient are using complex data storage structures that allow for a mix of signed and unsigned data.
- Recipient is using signature verification software that does not maintain separation between signed and unsigned data once the signature has been verified.
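
The second prerequisite, shown as an added example that is not part of the CAPEC entry: a verifier that loses the signed/unsigned boundary after a successful check, next to one that keeps it. The container layout, key, function names and sample bytes are constructed for illustration, and HMAC stands in for a real signature scheme.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a real signature


def sign(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()


def make_container(signed_part: bytes, unsigned_part: bytes = b"") -> dict:
    """Hypothetical container: 'sig' covers 'signed' only, never 'unsigned'."""
    return {"signed": signed_part, "sig": sign(signed_part), "unsigned": unsigned_part}


def _check(container: dict) -> None:
    if not hmac.compare_digest(sign(container["signed"]), container["sig"]):
        raise ValueError("bad signature")


def verify_weak(container: dict) -> bytes:
    """Validates the signature, then returns the whole container body."""
    _check(container)
    # Defect: unsigned bytes leave this function with the same trust as signed ones.
    return container["signed"] + container["unsigned"]


def verify_strict(container: dict, reject_unsigned: bool = False) -> bytes:
    """Returns only the bytes the signature covers.

    With reject_unsigned=True, a container that carries anything outside the
    signature is refused outright instead of being silently trimmed.
    """
    _check(container)
    if reject_unsigned and container.get("unsigned"):
        raise ValueError("container carries content outside the signature")
    return container["signed"]


if __name__ == "__main__":
    # Constructed sample: one signed field, one field appended without a signature.
    sample = make_container(b"role=user\n", b"role=admin\n")
    print("weak  :", verify_weak(sample))
    print("strict:", verify_strict(sample))
```

Downstream code should consume only the return value of the verifier, never the original container, so the separation holds after verification.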
| High |
|---|
| Attacker must be able to create malformed data blobs and know how to insert them in a location that the recipient will visit. |