ByteOS Network

CAPEC-475:Signature Spoofing by Improper Validation

Attack Pattern ID:475

Version:v3.9

Attack Pattern Name:Signature Spoofing by Improper Validation

Abstraction:Detailed

Status:Draft

Likelihood of Attack:Low

Typical Severity:High

Details Content History Related Weaknesses Reports

3Weaknesses found

CWE-295

Improper Certificate Validation

View Details

Improper Certificate Validation

Likelihood of Exploit-Not Available

Mapping-Allowed

Abstraction-Base

Found in1177CVEs

The product does not validate, or incorrectly validates, a certificate.

Impacts-

Bypass Protection MechanismGain Privileges or Assume Identity

Tags-

Mobile (technology class)Bypass Protection Mechanism (impact)Gain Privileges or Assume Identity (impact)

As Seen In-

2019 CWE Top 25 Most Dangerous Software Errors

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

View Details

Use of a Broken or Risky Cryptographic Algorithm

Likelihood of Exploit-High

Mapping-Allowed-with-Review

Abstraction-Class

Found in548CVEs

The product uses a broken or risky cryptographic algorithm or protocol.

Impacts-

Read Application DataHide ActivitiesModify Application Data

Tags-

VHDL Verilog High exploit Libraries or Frameworks ICS/OT (technology class)Modify Application Data (impact)Hide Activities (impact)Read Application Data (impact)

As Seen In-

Simplified Mapping of Published Vulnerabilities CWE Cross-section

CWE-347

Improper Verification of Cryptographic Signature

View Details

Improper Verification of Cryptographic Signature

Likelihood of Exploit-Not Available

Mapping-Allowed

Abstraction-Base

Found in529CVEs

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Impacts-

Modify Application DataExecute Unauthorized Code or CommandsGain Privileges or Assume Identity

Tags-

Execute Unauthorized Code or Commands (impact)Modify Application Data (impact)Gain Privileges or Assume Identity (impact)

As Seen In-

CWE Cross-section