CAPEC-479: Malicious Root Certificate
ID
CAPEC-479
Typical Severity
Low
Likelihood Of Attack
Low
Status
Stable
An adversary exploits a weakness in authorization and installs a new root certificate on a compromised system. Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website. Adversaries have used this technique to avoid security warnings prompting users when compromised systems connect over HTTPS to adversary controlled web servers that spoof legitimate websites in order to collect login credentials.
Weaknesses
# ID | Name | Type |
---|---|---|
CWE-284 | Improper Access Control | weakness |
Taxonomiy Mapping
Type | # ID | Name |
---|---|---|
ATTACK | 1553.004 | Subvert Trust Controls:Install Root Certificate |