CAPEC-474
Signature Spoofing by Key Theft
Gemiddeld
Hoog
Draft
2014-06-23
00h00 +00:00
00h00 +00:00
2022-09-29
00h00 +00:00
00h00 +00:00
Melding voor een CAPEC
Blijf op de hoogte van wijzigingen voor een specifieke CAPEC.
Beschrijvingen CAPEC
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Informatie CAPEC
Vereisten
An authoritative or reputable signer is storing their private signature key with insufficient protection.Vereiste vaardigheden
Knowledge of common location methods and access methods to sensitive dataAbility to compromise systems containing sensitive data
Mitigaties
Restrict access to private keys from non-supervisory accountsRestrict access to administrative personnel and processes only
Ensure all remote methods are secured
Ensure all services are patched and up to date
Gerelateerde zwakheden
| Zwakheidsnaam | |
|---|---|
CWE-522 |
Insufficiently Protected Credentials The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Referenties
REF-411
Security breach stoppedSigbjørn Vik.
REF-412
Bit9 and Our Customers’ SecurityPatrick Morley.
REF-413
Inappropriate Use of Adobe Code Signing CertificateBrad Arkin.
Indiening
| Naam | Organisatie | Datum | Releasedatum |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Wijzigingen
| Naam | Organisatie | Datum | Opmerking |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Mitigations | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings |
