| Name | Signature Spoofing by Key Theft |
| --- | --- |
| Likelihood of attack | Medium |
| Typical severity | High |
| Summary | An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker. |
| Prerequisites | An authoritative or reputable signer is storing their private signature key with insufficient protection. |
| Solutions | Restrict access to private keys from non-supervisory accounts. Restrict access to administrative personnel and processes only. Ensure all remote methods are secured. Ensure all services are patched and up to date. |
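The first two solutions come down to one control: a private signing key must not be readable by accounts other than the one that signs. The following added example (not part of the CAPEC entry, and not any project's code) shows a defender-side audit of that control on a POSIX file system. It walks a directory tree, flags files that carry a PEM private-key header and are readable or writable by group or others, and offers a remediation that restores owner-only permissions. The directory layout, file names and key contents are constructed placeholders; no real key material is used.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# PEM header lines that identify a private key (constructed list; extend as needed).
PRIVATE_KEY_MARKERS = (
    b"-----BEGIN PRIVATE KEY-----",
    b"-----BEGIN RSA PRIVATE KEY-----",
    b"-----BEGIN EC PRIVATE KEY-----",
    b"-----BEGIN OPENSSH PRIVATE KEY-----",
)

# Any of these bits set means a non-owner account can read or write the key.
GROUP_OR_OTHER_ACCESS = stat.S_IRWXG | stat.S_IRWXO  # 0o077
# The only mode a private signing key should have.
OWNER_ONLY = stat.S_IRUSR | stat.S_IWUSR              # 0o600


def looks_like_private_key(path: Path) -> bool:
    """Cheap content check: does the file begin with a PEM private-key header?"""
    try:
        with path.open("rb") as fh:
            head = fh.read(64)
    except OSError:
        return False
    return any(head.startswith(marker) for marker in PRIVATE_KEY_MARKERS)


def audit_private_keys(root: Path, expected_uid: Optional[int] = None) -> List[Dict]:
    """Report every private key under `root` that a non-owner could access,
    or (if expected_uid is given) that is owned by the wrong account.
    An empty list means the tree passes the check."""
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or not looks_like_private_key(path):
            continue
        st = path.stat()
        mode = stat.S_IMODE(st.st_mode)
        problems = []
        if mode & GROUP_OR_OTHER_ACCESS:
            problems.append(f"mode {oct(mode)} grants group/other access")
        if expected_uid is not None and st.st_uid != expected_uid:
            problems.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
        if problems:
            findings.append({"path": str(path), "mode": oct(mode), "problems": problems})
    return findings


def harden(path) -> None:
    """Remediation: restrict the key to its owner (0600). Accepts str or Path."""
    os.chmod(path, OWNER_ONLY)


def build_demo_tree() -> Path:
    """Constructed sample data: a temp dir with one correctly protected key,
    one world-readable backup copy of a key, and one non-key file.
    Contents are placeholder headers, not real keys."""
    root = Path(tempfile.mkdtemp(prefix="keyaudit-"))
    good = root / "signing" / "release.key"
    good.parent.mkdir()
    good.write_bytes(b"-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n")
    os.chmod(good, 0o600)
    # A forgotten backup with default permissions is a typical way the key leaks.
    leaky = root / "backup" / "release.key.bak"
    leaky.parent.mkdir()
    leaky.write_bytes(b"-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n")
    os.chmod(leaky, 0o644)
    notes = root / "README.txt"
    notes.write_bytes(b"not a key\n")
    os.chmod(notes, 0o644)
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    for finding in audit_private_keys(root, expected_uid=os.getuid()):
        print(finding["path"], "->", "; ".join(finding["problems"]))
        harden(finding["path"])
    print("after hardening:", audit_private_keys(root, expected_uid=os.getuid()))
```

Run as a script it reports the world-readable backup copy, fixes it, and shows a clean second pass. The content check is deliberately shallow (a header match), so in practice you would pair it with an inventory of where signing keys are supposed to live; a key that turns up outside that inventory is itself a finding, whatever its permissions.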
| Related Weaknesses: CWE ID | Description |
| --- | --- |
| CWE-522 | Insufficiently Protected Credentials |

| Related CAPECs: CAPEC ID | Description |
| --- | --- |
| CAPEC-473 | An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions. |

| Taxonomy (ATTACK): Entry ID | Entry Name |
| --- | --- |
| 1552.004 | Unsecured Credentials: Private Keys |