CAPEC-474: Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Overview
CAPEC-474 (Signature Spoofing by Key Theft) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- An authoritative or reputable signer is storing their private signature key with insufficient protection.
Skills required
- Low skill: Knowledge of common location methods and access methods to sensitive data
- High skill: Ability to compromise systems containing sensitive data
How to mitigate it
Defenses that reduce the risk of CAPEC-474.
- Restrict access to private keys from non-supervisory accounts
- Restrict access to administrative personnel and processes only
- Ensure all remote methods are secured
- Ensure all services are patched and up to date
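The prerequisite above is a private key stored with insufficient protection, and the first two mitigations restrict who can read it. As an added example (not part of the CAPEC entry), this audit walks a directory tree and reports PEM private key files that are readable beyond their owner or stored without passphrase encryption. The function names `audit_key_file` and `audit_tree` are hypothetical, and the check assumes POSIX file modes.

```python
import os
import re
import stat
import sys

# PEM labels that mark private key material (RFC 7468, OpenSSL legacy, OpenSSH).
KEY_HEADER = re.compile(
    r"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED |OPENSSH )?PRIVATE KEY)-----")

def audit_key_file(path):
    """Return findings for one file; empty if it is not a key or is clean."""
    with open(path, "r", errors="replace") as fh:
        head = fh.read(4096)
    m = KEY_HEADER.search(head)
    if not m:
        return []
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group or other permission bit exposes the key to non-owner accounts.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access")
    label = m.group(1)
    legacy_encrypted = "Proc-Type: 4,ENCRYPTED" in head  # OpenSSL legacy PEM
    if label.startswith("OPENSSH"):
        pass  # passphrase status lives inside the base64 body; not checked here
    elif not (label.startswith("ENCRYPTED") or legacy_encrypted):
        findings.append("key is stored without passphrase encryption")
    return findings

def audit_tree(root):
    """Walk root and map each flagged private key path to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, FIFOs, sockets and devices
            try:
                findings = audit_key_file(path)
            except OSError:
                continue  # unreadable to this account; nothing to report
            if findings:
                report[path] = findings
    return report

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, findings in audit_tree(root).items():
        for finding in findings:
            print(f"{path}: {finding}")
```

Files the auditing account cannot open are skipped, so run it with an account that can read the directories where signing keys are kept.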