CAPEC-474
Signature Spoofing by Key Theft
Média
Alta
Draft
2014-06-23
00h00 +00:00
00h00 +00:00
2022-09-29
00h00 +00:00
00h00 +00:00
Alerta para um CAPEC
Fique informado sobre quaisquer alterações para um CAPEC específico.
Descrições CAPEC
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Informações CAPEC
Pré-requisitos
An authoritative or reputable signer is storing their private signature key with insufficient protection.Habilidades Necessárias
Knowledge of common location methods and access methods to sensitive dataAbility to compromise systems containing sensitive data
Mitigações
Restrict access to private keys from non-supervisory accountsRestrict access to administrative personnel and processes only
Ensure all remote methods are secured
Ensure all services are patched and up to date
Fraquezas Relacionadas
| Nome da Fraqueza | |
|---|---|
CWE-522 |
Insufficiently Protected Credentials The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Referências
REF-411
Security breach stoppedSigbjørn Vik.
REF-412
Bit9 and Our Customers’ SecurityPatrick Morley.
REF-413
Inappropriate Use of Adobe Code Signing CertificateBrad Arkin.
Submissão
| Nome | Organização | Data | Data de lançamento |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modificações
| Nome | Organização | Data | Comentário |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Mitigations | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings |
