CAPEC 474 Signature Spoofing by Key Theft

Name: VulnX Platform
Author: Studio Consi

Draft Detailed Medium Risk

Severity High

Description

An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

CAPEC 474 Signature Spoofing by Key Theft

Description

Mitigations

Ensure All Remote Methods Are Secured

Ensure All Services Are Patched And Up To Date

Restrict Access To Administrative Personnel And Processes Only

Restrict Access To Private Keys From Non-Supervisory Accounts

Consequences

Consequence Information

Relationships

Parent CAPECs

Related ATT&CK Techniques

Private Keys

CAPEC 474 Signature Spoofing by Key Theft

Description

Mitigations

Ensure All Remote Methods Are Secured

Ensure All Services Are Patched And Up To Date

Restrict Access To Administrative Personnel And Processes Only

Restrict Access To Private Keys From Non-Supervisory Accounts

Consequences

Consequence Information

Relationships

Parent CAPECs

Related ATT&CK Techniques

Private Keys

Iscriviti alla newsletter