CAPEC-474

Signature Spoofing by Key Theft
Medium
High
Draft
2014-06-23
00h00 +00:00
2022-09-29
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Notifications manage

Descriptions CAPEC

An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Informations CAPEC

Prerequisites

An authoritative or reputable signer is storing their private signature key with insufficient protection.

Skills Required

Knowledge of common location methods and access methods to sensitive data
Ability to compromise systems containing sensitive data

Mitigations

Restrict access to private keys from non-supervisory accounts
Restrict access to administrative personnel and processes only
Ensure all remote methods are secured
Ensure all services are patched and up to date

Related Weaknesses

CWE-ID Weakness Name

CWE-522

 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

REF-411

Security breach stopped
Sigbjørn Vik.

REF-412

Bit9 and Our Customers’ Security
Patrick Morley.

REF-413

Inappropriate Use of Adobe Code Signing Certificate
Brad Arkin.

Submission

Name Organization Date Date release
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Mitigations
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Taxonomy_Mappings
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.