Byte Open Security

(ByteOS Network)

CAPEC-459: Creating a Rogue Certification Authority Certificate
Attack Pattern ID: 459
Version: v3.9
Attack Pattern Name: Creating a Rogue Certification Authority Certificate
Abstraction: Detailed
Status: Draft
Likelihood of Attack: Medium
Typical Severity: Very High
3 Weaknesses found

CWE-290
Authentication Bypass by Spoofing
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 435 CVEs

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Impacts: Bypass Protection Mechanism; Gain Privileges or Assume Identity
Tags: Bypass Protection Mechanism (impact); Gain Privileges or Assume Identity (impact)
As Seen In: CWE Cross-section

CWE-295
Improper Certificate Validation
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 1177 CVEs

The product does not validate, or incorrectly validates, a certificate.

Impacts: Bypass Protection Mechanism; Gain Privileges or Assume Identity
Tags: Mobile (technology class); Bypass Protection Mechanism (impact); Gain Privileges or Assume Identity (impact)
As Seen In: 2019 CWE Top 25 Most Dangerous Software Errors

CWE-327
Use of a Broken or Risky Cryptographic Algorithm
Likelihood of Exploit: High
Mapping: Allowed-with-Review
Abstraction: Class
Found in 548 CVEs

The product uses a broken or risky cryptographic algorithm or protocol.

Impacts: Read Application Data; Hide Activities; Modify Application Data
Tags: VHDL; Verilog; High exploit; Libraries or Frameworks; ICS/OT (technology class); Modify Application Data (impact); Hide Activities (impact); Read Application Data (impact)
As Seen In: Simplified Mapping of Published Vulnerabilities; CWE Cross-section