CAPEC-477 Metadata
Likelihood of Attack
Low
Typical Severity
High
Overview
Summary
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
Prerequisites
Signer and recipient are using complex data storage structures that allow for a mix between signed and unsigned data.
Recipient is using signature verification software that does not maintain separation between signed and unsigned data once the signature has been verified.
Potential Solutions / Mitigations
Ensure the application is fully patched and that the verifier keeps the signed and unsigned portions separate after verification: only data actually covered by the signature should be returned or acted on as authenticated, and unsigned data must never be processed as if it were signed.
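The following Python example is added here to illustrate the summary, prerequisites and mitigation above; it is not part of the CAPEC entry. The container layout (a `signed` section, an `unsigned` section and a `sig` field), the field names, the demo key and the messages are all constructed for the demonstration, and an HMAC over canonical JSON stands in for a real digital signature so the script runs with the standard library only. The flaw shown is in the verifier, which checks the signature correctly and then flattens the container so that unsigned fields override signed ones, exactly the loss of separation the prerequisites describe; the strict verifier keeps the two apart.

```python
"""Signature spoofing by mixing signed and unsigned content (CAPEC-477 style).

Demonstration only. An HMAC over canonical JSON stands in for a digital
signature; the weakness lies in how the verifier handles the result.
"""
import hashlib
import hmac
import json

# Constructed demo key; a real signer would use an asymmetric key pair.
SIGNING_KEY = b"demo-signing-key-not-a-real-secret"


def _canonical(fields: dict) -> bytes:
    """Canonical encoding of the signed section so signer and verifier hash identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_container(signed_fields: dict, key: bytes = SIGNING_KEY) -> dict:
    """Signer: build a container whose signature covers only the 'signed' section.

    The 'unsigned' section is a legitimate part of the (hypothetical) format,
    e.g. for routing or display metadata, but the signature does not cover it.
    """
    sig = hmac.new(key, _canonical(signed_fields), hashlib.sha256).hexdigest()
    return {"signed": signed_fields, "unsigned": {}, "sig": sig}


def tamper_with_unsigned_section(container: dict, extra: dict) -> dict:
    """Attacker: leave the signed section and its signature untouched and add
    unsigned fields whose names collide with signed ones."""
    tampered = dict(container)
    tampered["unsigned"] = {**container.get("unsigned", {}), **extra}
    return tampered


def _check_signature(container: dict, key: bytes) -> None:
    """Recompute the signature over the signed section only and compare in constant time."""
    expected = hmac.new(key, _canonical(container["signed"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, container["sig"]):
        raise ValueError("bad signature")


def verify_naive(container: dict, key: bytes = SIGNING_KEY) -> dict:
    """Vulnerable verifier: the signature check is correct, but the container is
    then flattened into one dict, so unsigned keys override signed ones and the
    caller cannot tell which values were actually authenticated."""
    _check_signature(container, key)
    return {**container["signed"], **container["unsigned"]}


def verify_strict(container: dict, key: bytes = SIGNING_KEY) -> dict:
    """Hardened verifier: returns the covered fields under 'verified' and hands
    back the unsigned section separately, never merged into the trusted data."""
    _check_signature(container, key)
    return {"verified": dict(container["signed"]),
            "unverified": dict(container["unsigned"])}


def demo() -> tuple:
    """Run the attack against both verifiers; returns the role each one reports."""
    original = sign_container({"user": "alice", "role": "user"})
    forged = tamper_with_unsigned_section(original, {"role": "admin"})
    naive_role = verify_naive(forged)["role"]          # unsigned value wins
    strict = verify_strict(forged)
    return naive_role, strict["verified"]["role"], strict["unverified"].get("role")


if __name__ == "__main__":
    print(demo())  # ('admin', 'user', 'admin')
```

Both verifiers reject any change to the signed section, so a signature check alone does not detect this pattern; the defence is to act only on the `verified` part of the result and to treat whatever arrives in the unsigned section as untrusted input.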
Related Weaknesses (CWE)
Related CAPECs
CAPEC ID | Description |
---|---|
CAPEC-473 | An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions. |