Name | Signature Spoofing by Improper Validation |
Summary | An attacker exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key. |
Prerequisites | Recipient is using a weak cryptographic signature verification algorithm or a weak implementation of a cryptographic signature verification algorithm, or the configuration of the recipient's application accepts the use of keys generated using cryptographically weak signature verification algorithms. |
Solutions | Use programs and products that contain cryptographic elements that have been thoroughly tested for flaws in the signature verification routines. |
Related Weaknesses |
CWE ID | Description |
CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
|