CAPEC-474: Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Last updated
Overview
CAPEC-474 (Signature Spoofing by Key Theft) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- An authoritative or reputable signer is storing their private signature key with insufficient protection.
Skills required
- Low skill: Knowledge of common location methods and access methods to sensitive data
- High skill: Ability to compromise systems containing sensitive data
How to mitigate it
Defenses that reduce the risk of CAPEC-474.
- Restrict access to private keys from non-supervisory accounts
- Restrict access to administrative personnel and processes only
- Ensure all remote methods are secured
- Ensure all services are patched and up to date
Terminology & mappings
Mapped taxonomies
- ATTACK: Unsecured Credentials: Private Keys (1552.004)
Frequently asked questions
Common questions about CAPEC-474.
- What is CAPEC-474?
- An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
- How do you prevent CAPEC-474?
- Restrict access to private keys from non-supervisory accounts
- What weaknesses does CAPEC-474 target?
- CAPEC-474 exploits 1 CWE weakness, including CWE-522 (Insufficiently Protected Credentials).
- How severe is CAPEC-474?
- MITRE rates CAPEC-474 as High severity with medium likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-474
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.