CAPEC-475

Signature Spoofing by Improper Validation
Low
High
Draft
2014-06-23
00h00 +00:00
2022-02-22
00h00 +00:00

CAPEC Descriptions

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.

CAPEC Information

Prerequisites

Recipient is using a weak cryptographic signature verification algorithm or a weak implementation of a cryptographic signature verification algorithm, or the configuration of the recipient's application accepts the use of keys generated using cryptographically weak signature verification algorithms.

Skills Required

Cryptanalysis of signature verification algorithm
Reverse engineering and cryptanalysis of signature verification algorithm implementation

Mitigations

Use programs and products that contain cryptographic elements that have been thoroughly tested for flaws in the signature verification routines.

Related Weaknesses

CWE-ID Weakness Name

CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.

CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References

REF-562

Microsoft's Chain of Fools
Kenn White.
https://blog.lessonslearned.org/chain-of-fools/

REF-563

Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers
https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

REF-564

Analysis of REF-563
Thomas Ptacek, Thomas Pornin.
https://news.ycombinator.com/item?id=22048619

Submission

Name Organization Date Date release
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2017-05-01 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2019-09-30 +00:00 Updated Example_Instances, References, Related_Attack_Patterns, Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Description, Example_Instances
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Description, Example_Instances, Extended_Description