CAPEC-474
Signature Spoofing by Key Theft
Średni
Wysoki
Draft
2014-06-23
00h00 +00:00
00h00 +00:00
2022-09-29
00h00 +00:00
00h00 +00:00
Alert dla konkretnego CAPEC
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CAPEC.
Opisy CAPEC
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Informacje CAPEC
Wymagania wstępne
An authoritative or reputable signer is storing their private signature key with insufficient protection.Wymagane umiejętności
Knowledge of common location methods and access methods to sensitive dataAbility to compromise systems containing sensitive data
Łagodzenie
Restrict access to private keys from non-supervisory accountsRestrict access to administrative personnel and processes only
Ensure all remote methods are secured
Ensure all services are patched and up to date
Powiązane słabości
| Nazwa słabości | |
|---|---|
CWE-522 |
Insufficiently Protected Credentials The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Odniesienia
REF-411
Security breach stoppedSigbjørn Vik.
REF-412
Bit9 and Our Customers’ SecurityPatrick Morley.
REF-413
Inappropriate Use of Adobe Code Signing CertificateBrad Arkin.
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Mitigations | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings |
