Byte Open Security

(ByteOS Network)

CAPEC-68: Subvert Code-signing Facilities
Attack Pattern ID: 68
Version: v3.9
Attack Pattern Name: Subvert Code-signing Facilities
Abstraction: Standard
Status: Draft
Likelihood of Attack: Low
Typical Severity: Very High
3 Weaknesses found

CWE-1326: Missing Immutable Root of Trust in Hardware
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 9 CVEs

A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.

Impacts: Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; Modify Memory
Tags: Security Hardware; Execute Unauthorized Code or Commands (impact); Modify Memory (impact); Gain Privileges or Assume Identity (impact)
As Seen In: Not Available

CWE-325: Missing Cryptographic Step
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 40 CVEs

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

Impacts: Bypass Protection Mechanism; Hide Activities; Read Application Data; Modify Application Data
Tags: Bypass Protection Mechanism (impact); Modify Application Data (impact); Hide Activities (impact); Read Application Data (impact)
As Seen In: CWE Cross-section

CWE-328: Use of Weak Hash
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 52 CVEs

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

Impacts: Bypass Protection Mechanism
Tags: ICS/OT (technology class); Bypass Protection Mechanism (impact)
As Seen In: Not Available