Prerequisites
Identification of a resource whose metadata is to be spoofed
Skills Required
Ability to spoof a variety of metadata to convince victims the source is trusted
Mitigations
Validate metadata of resources such as authors, timestamps, and statistics.
Confirm the pedigree of open source packages and ensure the code being downloaded does not originate from another source.
Even if the metadata is properly checked and a user believes it to be legitimate, there may still be a chance that they've been duped. Therefore, leverage automated testing techniques to determine where malicious areas of the code may exist.
Submission
Name |
Organization |
Date |
Date Release |
CAPEC Content Team |
The MITRE Corporation |
2022-09-29 +00:00 |