CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
Detailed
Draft
严重程度: High
攻击可能性: Low
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
前提条件
- Signer and recipient are using complex data storage structures that allow for a mix between signed and unsigned data
- Recipient is using signature verification software that does not maintain separation between signed and unsigned data once the signature has been verified.
所需技能
High
The attacker may need to continuously monitor a stream of signed data, waiting for an exploitable message to appear.
High
Attacker must be able to create malformed data blobs and know how to insert them in a location that the recipient will visit.
缓解措施
Ensure the application is fully patched and does not allow the processing of unsigned data as if it is signed data.