CAPEC-151: Identity Spoofing
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principal or use stolen / spoofed authentication credentials.
Prerequisites
- The identity associated with the message or resource must be removable or modifiable in an undetectable way.
Resources Required
- None: No specialized resources are required to execute this type of attack.
Consequences
Scope: Confidentiality, Integrity, Authentication, Access Control
Technical Impact: Gain Privileges
Mitigations
Employ robust authentication processes (e.g., multi-factor authentication).