CAPEC-151: Identity Spoofing

Description

Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.

Extended Description

Alternatively, an adversary may intercept a message from a legitimate sender and attempt to make it look like the message comes from them without changing its content. The latter form of this attack can be used to hijack credentials from legitimate users. Identity Spoofing attacks need not be limited to transmitted messages - any resource that is associated with an identity (for example, a file with a signature) can be the target of an attack where the adversary attempts to change the apparent identity. This attack differs from Content Spoofing attacks where the adversary does not wish to change the apparent identity of the message but instead wishes to change what the message says. In an Identity Spoofing attack, the adversary is attempting to change the identity of the content.

Severity :

Medium

Possibility :

Medium

Type :

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-16: Dictionary-based Password Attack Dictionary-based Password Attack CAPEC-49: Password Brute Forcing Password Brute Forcing CAPEC-50: Password Recovery Exploitation Password Recovery Exploitation CAPEC-55: Rainbow Table Password Cracking Rainbow Table Password Cracking CAPEC-70: Try Common or Default Usernames and Passwords Try Common or Default Usernames and Passwords CAPEC-89: Pharming Pharming CAPEC-94: Adversary in the Middle (AiTM) Adversary in the Middle (AiTM) CAPEC-98: Phishing Phishing CAPEC-194: Fake the Source of Data Fake the Source of Data CAPEC-195: Principal Spoof Principal Spoof CAPEC-473: Signature Spoof Signature Spoof CAPEC-509: Kerberoasting Kerberoasting CAPEC-555: Remote Services with Stolen Credentials Remote Services with Stolen Credentials CAPEC-560: Use of Known Domain Credentials Use of Known Domain Credentials CAPEC-561: Windows Admin Shares with Stolen Credentials Windows Admin Shares with Stolen Credentials CAPEC-565: Password Spraying Password Spraying CAPEC-568: Capture Credentials via Keylogger Capture Credentials via Keylogger CAPEC-600: Credential Stuffing Credential Stuffing CAPEC-644: Use of Captured Hashes (Pass The Hash) Use of Captured Hashes (Pass The Hash) CAPEC-645: Use of Captured Tickets (Pass The Ticket) Use of Captured Tickets (Pass The Ticket) CAPEC-652: Use of Known Kerberos Credentials Use of Known Kerberos Credentials CAPEC-653: Use of Known Operating System Credentials Use of Known Operating System Credentials CAPEC-665: Exploitation of Thunderbolt Protection Flaws Exploitation of Thunderbolt Protection Flaws CAPEC-701: Browser in the Middle (BiTM) Browser in the Middle (BiTM)

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

The identity associated with the message or resource must be removable or modifiable in an undetectable way.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

None: No specialized resources are required to execute this type of attack.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-287: Improper Authentication

Visit http://capec.mitre.org/ for more details.