CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content

Description
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
Extended Description

Signature verification algorithms are generally used to determine whether a certificate or piece of code (e.g. executable, binary, etc.) possesses a valid signature and can be trusted.

If the leveraged algorithm confirms that a valid signature exists, it establishes a foundation of trust that is further conveyed to the end-user when interacting with a website or application. However, if the signature verification algorithm improperly validates the signature, either by not validating the signature at all or by failing to fully validate the signature, it could result in an adversary generating a spoofed signature and being classified as a legitimate entity. Successfully exploiting such a weakness could further allow the adversary to reroute users to malicious sites, steals files, activates microphones, records keystrokes and passwords, wipes disks, installs malware, and more.

Severity :

High

Possibility :

Low

Type :

Detailed
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-473: Signature Spoof Signature Spoof
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Signer and recipient are using complex data storage structures that allow for a mix between signed and unsigned data
  • Recipient is using signature verification software that does not maintain separation between signed and unsigned data once the signature has been verified.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • High The attacker may need to continuously monitor a stream of signed data, waiting for an exploitable message to appear.
  • High Attacker must be able to create malformed data blobs and know how to insert them in a location that the recipient will visit.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-311: Missing Encryption of Sensitive Data

CWE-319: Cleartext Transmission of Sensitive Information

CWE-693: Protection Mechanism Failure

Visit http://capec.mitre.org/ for more details.