CAPEC-476

Signature Spoofing by Misrepresentation
Bajo
Alto
Draft
2014-06-23
00h00 +00:00
2019-04-04
00h00 +00:00
CAPEC Mitre.org
Alerta para un CAPEC
Manténgase informado sobre cualquier cambio en un CAPEC específico.
Gestionar notificaciones

Descripciones CAPEC

An attacker exploits a weakness in the parsing or display code of the recipient software to generate a data blob containing a supposedly valid signature, but the signer's identity is falsely represented, which can lead to the attacker manipulating the recipient software or its victim user to perform compromising actions.

Informaciones CAPEC

Prerrequisitos

Recipient is using signature verification software that does not clearly indicate potential homographs in the signer identity.Recipient is using signature verification software that contains a parsing vulnerability, or allows control characters in the signer identity field, such that a signature is mistakenly displayed as valid and from a known or authoritative signer.

Habilidades requeridas

Attacker needs to understand the layout and composition of data blobs used by the target application.
To discover a specific vulnerability, attacker needs to reverse engineer signature parsing, signature verification and signer representation code.
Attacker may be required to create malformed data blobs and know how to insert them in a location that the recipient will visit.

Mitigaciones

Ensure the application is using parsing and data display techniques that will accurately display control characters, international symbols and markings, and ultimately recognize potential homograph attacks.

Debilidades relacionadas

CWE-ID Nombre de la debilidad

CWE-290

 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Referencias

REF-414

The state of homograph attacks
Eric Johanson.

Envío

Nombre Organización Fecha Fecha de lanzamiento
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modificaciones

Nombre Organización Fecha Comentario
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Weaknesses
La información presentada en CVE Find proviene de varias fuentes de referencia cuidadosamente seleccionadas. Los datos CVE son proporcionados por MITRE Corporation y la Base de Datos Nacional de Vulnerabilidades (NVD). El catálogo de Vulnerabilidades Explotadas Conocidas (KEV) proviene de la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA), mientras que las puntuaciones EPSS provienen de FIRST.org. Además, los datos sobre debilidades de software (CWE) y patrones de ataque comunes (CAPEC) son mantenidos por MITRE Corporation, y la información sobre configuraciones de hardware y software (CPE) es proporcionada por la NVD.