Name: Signature Spoof
Summary: An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
Prerequisites: The victim or victim system is dependent upon a cryptographic signature-based verification system for validation of one or more security events or actions. The validation can be bypassed via an attacker-provided signature that makes it appear that the legitimate authoritative or reputable source provided the signature.
Solutions
Related Weaknesses
CWE ID Description
CWE-20 Improper Input Validation
CWE-290 Authentication Bypass by Spoofing
CWE-327 Use of a Broken or Risky Cryptographic Algorithm