CAPEC-151
Identity Spoofing
Średni
Średni
Stable
2014-06-23
00h00 +00:00
00h00 +00:00
2022-02-22
00h00 +00:00
00h00 +00:00
Alert dla konkretnego CAPEC
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CAPEC.
Opisy CAPEC
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
Informacje CAPEC
Wymagania wstępne
The identity associated with the message or resource must be removable or modifiable in an undetectable way.Wymagane zasoby
None: No specialized resources are required to execute this type of attack.Łagodzenie
Employ robust authentication processes (e.g., multi-factor authentication).Powiązane słabości
| Nazwa słabości | |
|---|---|
CWE-287 |
Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit | |
| CAPEC Content Team | The MITRE Corporation | Updated Resources_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
