CAPEC-475
Description
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.
Prerequisites
Recipient is using a weak cryptographic signature verification algorithm or a weak implementation of a cryptographic signature verification algorithm, or the configuration of the recipient's application accepts the use of keys generated using cryptographically weak signature verification algorithms.
Mitigations
Use programs and products that contain cryptographic elements that have been thoroughly tested for flaws in the signature verification routines.
Skills Required
[High] Cryptanalysis of signature verification algorithm
[High] Reverse engineering and cryptanalysis of signature verification algorithm implementation