CAPEC Details
Name Signature Spoofing by Improper Validation
Likelyhood of attack Typical severity
Low High
Summary An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key. Signature verification algorithms are generally used to determine whether a certificate or piece of code (e.g. executable, binary, etc.) possesses a valid signature and can be trusted. If the leveraged algorithm confirms that a valid signature exists, it establishes a foundation of trust that is further conveyed to the end-user when interacting with a website or application. However, if the signature verification algorithm improperly validates the signature, either by not validating the signature at all or by failing to fully validate the signature, it could result in an adversary generating a spoofed signature and being classified as a legitimate entity. Successfully exploiting such a weakness could further allow the adversary to reroute users to malicious sites, steals files, activates microphones, records keystrokes and passwords, wipes disks, installs malware, and more.
Prerequisites Recipient is using a weak cryptographic signature verification algorithm or a weak implementation of a cryptographic signature verification algorithm, or the configuration of the recipient's application accepts the use of keys generated using cryptographically weak signature verification algorithms.
Solutions Use programs and products that contain cryptographic elements that have been thoroughly tested for flaws in the signature verification routines.
Related Weaknesses
CWE ID Description
CWE-295 Improper Certificate Validation
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-347 Improper Verification of Cryptographic Signature
Related CAPECS
CAPEC ID Description
CAPEC-473 An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
CAPEC-542 An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware crafted for these attacks is based specifically on information gathered about the technology environment. Successfully executing the malware enables an adversary to achieve a wide variety of negative technical impacts.