CAPEC-479: Malicious Root Certificate (Version 3.9)
Archived: 2026-04-05 16:42:14 UTC
 Description
An adversary exploits a weakness in authorization and installs a new root certificate on a compromised system. Certificates
are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to
browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the
security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Adversaries have used this technique to avoid security warnings prompting users when compromised systems connect over
HTTPS to adversary controlled web servers that spoof legitimate websites in order to collect login credentials.
 Likelihood Of Attack
 Typical Severity
 Relationships
This table shows the other attack patterns and high level categories that are related to this attack pattern. These
relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels
of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack
patterns that the user may want to explore.
Nature Type
ChildOf Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It
This table shows the views that this attack pattern belongs to and top level categories within that view.
 Prerequisites
The adversary must have the ability to create a new root certificate.
 Taxonomy Mappings
CAPEC mappings to ATT&CK techniques leverage an inheritance model to streamline and minimize direct
CAPEC/ATT&CK mappings. Inheritance of a mapping is indicated by text stating that the parent CAPEC has relevant
ATT&CK mappings. Note that the ATT&CK Enterprise Framework does not use an inheritance model as part of the
mapping to CAPEC.
Relevant to the ATT&CK taxonomy mapping (also see parent)
Entry ID Entry Name
1553.004 Subvert Trust Controls:Install Root Certificate
 Content History
Submissions
Submission Date Submitter Organization
2018-04-26
(Version 2.11)
CAPEC Content Team The MITRE Corporation
Modifications
Modification Date Modifier Organization
2020-07-30
(Version 3.3)
CAPEC Content Team The MITRE Corporation
Updated Taxonomy_Mappings
More information is available — Please select a different filter.
https://capec.mitre.org/data/definitions/479.html
Page 1 of 2

Source: https://capec.mitre.org/data/definitions/479.html
https://capec.mitre.org/data/definitions/479.html
Page 2 of 2