Name Signature Spoofing by Key Theft
Summary An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Prerequisites An authoritative or reputable signer is storing their private signature key with insufficient protection.
Solutions Ensure all services are patched and up to date
Related Weaknesses
CWE ID Description
CWE-216 Containment Errors (Container Errors)
CWE-284 Improper Access Control
CWE-693 Protection Mechanism Failure
Back to Top