CAPEC-475 - Signature Spoofing by Improper Validation

An attacker exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.

Severity

Likelihood

Confidentiality

Integrity

Availability

Attack Methods

  • Protocol Manipulation
  • Analysis
  • API Abuse
  • Brute Force
  • Spoofing

High level: Cryptanalysis of signature verification algorithm

High level: Reverse engineering and cryptanalysis of signature verification algorithm implementation

The recipient is using a weak cryptographic signature verification algorithm or a weak implementation of one, or the recipient's application is configured to accept keys generated using cryptographically weak signature verification algorithms.

Use programs and products that contain cryptographic elements that have been thoroughly tested for flaws in the signature verification routines.