Name Signature Spoofing by Improper Validation
Summary An attacker exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.
Prerequisites Recipient is using a weak cryptographic signature verification algorithm or a weak implementation of a cryptographic signature verification algorithm, or the configuration of the recipient's application accepts the use of keys generated using cryptographically weak signature verification algorithms.
Solutions Use programs and products that contain cryptographic elements that have been thoroughly tested for flaws in the signature verification routines.
Related Weaknesses
CWE ID Description
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Back to Top