CAPEC-473: Signature Spoof | ZEN SecDB Portal

An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.

https://capec.mitre.org/data/definitions/473.html

Weaknesses

# ID	Name	Type
CWE-20	Improper Input Validation	weakness
CWE-290	Authentication Bypass by Spoofing	weakness
CWE-327	Use of a Broken or Risky Cryptographic Algorithm	weakness

Taxonomiy Mapping

Type	# ID	Name
ATTACK	1036.001	Masquerading: Invalid Code Signature
ATTACK	1553.002	Subvert Trust Controls: Code Signing