Category ID: 156
Status: Draft
+ Description


An attacker constructs a message that is capable of masquerading as an authorized message from some other principal. As a result, consumers of these messages can be manipulated into responding to or processing the deceptive message. Spoofing attacks assume that some piece of content or functionality is associated with an identity and that the target trusts the content because of this association. Spoofing is the falsification of the content, the identity, or both, in such a way that the target incorrectly trusts the legitimacy of the content; the attacker then uses that misplaced trust to carry out the attack. For example, an attacker may modify a financial transaction between two parties so that the participants remain unchanged but the amount of the transaction is increased. If the recipient cannot detect the change, they will incorrectly assume the modified message originated with the original sender. Spoofing may involve the attacker crafting the content from scratch or capturing and modifying legitimate content.
+ Attack Prerequisites

The targeted content must be associated (possibly implicitly) with an identity and the targeted application or user must hold some trust about the content this identity is providing.

The attacker must be able to change the content, the identity, or both in a way that is not detectable to the recipient, and the recipient must fail to verify that the data genuinely came from its supposed source. Cryptographic authentication of the message and its origin (a message authentication code or a digital signature that covers both the content and the claimed sender) prevents this type of attack, provided the recipient actually performs the verification and rejects anything that fails it.
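The transaction example from the Description and the cryptographic prerequisite above, worked through as an added illustration (this is not CAPEC's own material). It assumes the two parties share a secret key out of band, named SHARED_KEY here purely for the example, and uses HMAC-SHA256 as the verification scheme, one of several that would satisfy the prerequisite. The naive recipient trusts the "from" field and accepts the modified amount; the authenticated recipient rejects the modified message, a message forged without the key, and a replay of the genuine message.

```python
"""Spoofing a financial transaction (CAPEC-156), and blocking it with a MAC.

Added example, not CAPEC's own code. Assumptions: the two parties share a
secret key out of band; messages are small JSON objects; the key names and
sample transfers below are constructed for illustration only.
"""
import hashlib
import hmac
import json

# Constructed sample keys: one the sender and recipient share, which the
# attacker does not have, and one the attacker tries to forge with.
SHARED_KEY = b"example-shared-secret-not-for-production"
ATTACKER_KEY = b"attacker-guessed-key"


def canonical(msg: dict) -> bytes:
    """Serialize deterministically so sender and recipient MAC identical bytes.

    sort_keys and fixed separators matter: two dicts with the same content must
    produce the same bytes, otherwise a valid tag fails to verify."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def make_transfer(sender: str, recipient: str, amount: int, seq: int) -> dict:
    """Constructed message. The sequence number lets the recipient reject replays."""
    return {"from": sender, "to": recipient, "amount": amount, "seq": seq}


def sign(key: bytes, msg: dict) -> str:
    """HMAC-SHA256 over the canonical bytes; covers identity *and* content."""
    return hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()


def verify(key: bytes, msg: dict, tag: str) -> bool:
    """Constant-time comparison so the tag check does not leak via timing."""
    return hmac.compare_digest(sign(key, msg), tag)


def tamper(msg: dict, **changes) -> dict:
    """Attacker rewrites fields in an intercepted message (e.g. the amount)."""
    spoofed = dict(msg)
    spoofed.update(changes)
    return spoofed


def naive_recipient_accepts(msg: dict) -> bool:
    """The vulnerable consumer: trusts the 'from' field because it looks right."""
    return msg.get("from") == "alice" and msg.get("amount", 0) > 0


class AuthenticatedRecipient:
    """Hardened consumer: verifies the MAC under the shared key and rejects replays."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def accepts(self, msg: dict, tag: str) -> bool:
        if not verify(self.key, msg, tag):
            return False          # content or claimed identity was altered
        if msg["seq"] <= self.last_seq:
            return False          # replay of a previously accepted message
        self.last_seq = msg["seq"]
        return True


def demo() -> dict:
    """Run the cases from the text and return which ones were accepted."""
    original = make_transfer("alice", "bob", 100, seq=1)
    tag = sign(SHARED_KEY, original)
    spoofed = tamper(original, amount=10_000)   # participants unchanged, amount raised

    results = {
        # No authentication: the spoofed amount is accepted as alice's.
        "naive_accepts_spoofed": naive_recipient_accepts(spoofed),
    }
    bob = AuthenticatedRecipient(SHARED_KEY)
    # Genuine message with its tag passes.
    results["auth_accepts_original"] = bob.accepts(original, tag)
    # Same tag, modified amount: rejected.
    results["auth_accepts_spoofed"] = bob.accepts(spoofed, tag)
    # Attacker crafts a fresh message and tag without the shared key: rejected.
    forged = make_transfer("alice", "mallory", 5_000, seq=2)
    results["auth_accepts_forged"] = bob.accepts(forged, sign(ATTACKER_KEY, forged))
    # Replay of the genuine message: rejected by the sequence check.
    results["auth_accepts_replay"] = bob.accepts(original, tag)
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {accepted}")
```

The MAC is computed over the canonical serialization, so the claimed sender is bound into the authenticated bytes along with the amount; an attacker who can only intercept and edit cannot produce a valid tag for the altered message without the key. The sequence counter is the minimum needed to stop a captured-and-replayed legitimate message, which a MAC alone does not prevent.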

+ Resources Required

No special resources are required for most versions of this attack. If the attack involves modification of ongoing transactions, the attacker must be able to intercept communications between the sender and the target.

+ Relationships
Nature    | Type            | ID   | Name                               | View(s) this relationship pertains to
ParentOf  | Attack Pattern  | 148  | Content Spoofing                   | Mechanism of Attack (primary) 1000
ParentOf  | Attack Pattern  | 151  | Identity Spoofing (Impersonation)  | Mechanism of Attack (primary) 1000
ParentOf  | Attack Pattern  | 173  | Action Spoofing                    | Mechanism of Attack (primary) 1000
MemberOf  | View            | 1000 | Mechanism of Attack                | Mechanism of Attack 1000