| Name | Signature Spoofing by Improper Validation |
| Summary | An attacker exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key. |
| Prerequisites | Recipient is using a weak cryptographic signature verification algorithm or a weak implementation of a cryptographic signature verification algorithm, or the configuration of the recipient's application accepts the use of keys generated using cryptographically weak signature verification algorithms. |
| Solutions | Use programs and products that contain cryptographic elements that have been thoroughly tested for flaws in the signature verification routines. |
| Related Weaknesses |
| CWE ID | Description |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
|
