CAPEC-151

Identity Spoofing
Moyen
Moyen
Stable
2014-06-23
00h00 +00:00
2022-02-22
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.

Informations du CAPEC

Conditions préalables

The identity associated with the message or resource must be removable or modifiable in an undetectable way.

Ressources nécessaires

None: No specialized resources are required to execute this type of attack.

Atténuations

Employ robust authentication processes (e.g., multi-factor authentication).

Faiblesses connexes

CWE-ID Nom de la faiblesse

CWE-287

 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2017-05-01 +00:00 Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit
CAPEC Content Team The MITRE Corporation 2017-08-04 +00:00 Updated Resources_Required
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Description, Extended_Description