CAPEC-473
Benachrichtigung für ein CAPEC
Bleiben Sie über alle Änderungen zu einem bestimmten CAPEC informiert.
CAPEC-Beschreibungen
An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
CAPEC-Informationen
Voraussetzungen
The victim or victim system is dependent upon a cryptographic signature-based verification system for validation of one or more security events or actions.The validation can be bypassed via an attacker-provided signature that makes it appear that the legitimate authoritative or reputable source provided the signature.
Erforderliche Kenntnisse
Technical understanding of how signature verification algorithms work with data and applicationsVerwandte Schwachstellen
| Name der Schwachstelle | |
|---|---|
CWE-20 |
Improper Input Validation The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
CWE-327 |
Use of a Broken or Risky Cryptographic Algorithm The product uses a broken or risky cryptographic algorithm or protocol. |
CWE-290 |
Authentication Bypass by Spoofing This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
Einreichung
| Name | Organisation | Datum | Veröffentlichungsdatum |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Änderungen
| Name | Organisation | Datum | Kommentar |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns, Taxonomy_Mappings |
