CAPEC-654 Detail

CAPEC-654

Name

Credential Prompt Impersonation

Likihood attacks

Medium

Typical Severity

High

Status

Stable

Published

2020-07-30
00h00 +00:00

Modified

2022-09-29
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

An adversary, through a previously installed malicious application, impersonates a credential prompt in an attempt to steal a user's credentials.

Informations CAPEC

Execution Flow

1) Explore

[Determine suitable tasks to exploit] Determine what tasks exist on the target system that may result in a user providing their credentials.

Technique

Determine what tasks prompt a user for their credentials.

2) Exploit

[Impersonate Task] Impersonate a legitimate task, either expected or unexpected, in an attempt to gain user credentials.

Technique

Prompt a user for their credentials, while making the user believe the credential request is legitimate.

Prerequisites

The adversary must already have access to the target system via some means.
A legitimate task must exist that an adversary can impersonate to glean credentials.

Skills Required

Once an adversary has gained access to the target system, impersonating a credential prompt is not difficult.

Resources Required

Malware or some other means to initially comprise the target system.
Additional malware to impersonate a legitimate credential prompt.

Mitigations

The only known mitigation to this attack is to avoid installing the malicious application on the device. However, to impersonate a running task the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help.

Related Weaknesses

CWE-ID	Weakness Name
CWE-1021	Improper Restriction of Rendered UI Layers or Frames The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2022-02-22 +00:00	Updated Description, Extended_Description
CAPEC Content Team	The MITRE Corporation	2022-09-29 +00:00	Updated Taxonomy_Mappings