Threat Event
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
|
|
| ID | CAPEC-151 |
| Latest Sync Date | 11/05/25 15:15:38 |
| Original ID | 151 |
| Abstraction | Meta |
| Status | Stable |
| Alternate Terms | |
| Likelihood Of Attack | Medium |
| Typical Severity | Medium |
| Related Attack Patterns | |
| Execution Flow | |
| Prerequisites | ::The identity associated with the message or resource must be removable or modifiable in an undetectable way.:: |
| Skills Required | |
| Resources Required | ::None: No specialized resources are required to execute this type of attack.:: |
| Indicators | |
| Consequences | ::SCOPE:Confidentiality:SCOPE:Integrity:SCOPE:Authentication:SCOPE:Access Control:TECHNICAL IMPACT:Gain Privileges:: |
| Mitigations | ::Employ robust authentication processes (e.g., multi-factor authentication).:: |
| Example Instances | |
| Related Weaknesses | ::287:: |
| Taxonomy Mappings | |
| Notes | |