CAPEC-485: Signature Spoofing by Key Recreation

An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

High

Typical severity

Per MITRE

Low

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-485 (Signature Spoofing by Key Recreation) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-485: Signature Spoofing by Key Recreation

Overview

What the attacker needs

Prerequisites

Skills required

How to mitigate it

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-485?

How do you prevent CAPEC-485?

What weaknesses does CAPEC-485 target?

How severe is CAPEC-485?

References

Defend against CAPEC-485

Overview

What the attacker needs

Prerequisites

Skills required

How to mitigate it

Related weaknesses

Related attack patterns

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-485?

How do you prevent CAPEC-485?

What weaknesses does CAPEC-485 target?

How severe is CAPEC-485?

References

Defend against CAPEC-485