Prerequisites
This attack is only applicable when a vulnerable entity associates data or services with an identity. Without such an association, there would be no reason to fake the source.
Resources Required
Resources required vary depending on the nature of the attack. Possible tools needed by an attacker could include tools to create custom network packets, specific client software, and tools to capture network traffic. Many variants of this attack require no attacker resources, however.
Related Weaknesses
CWE-ID |
Weakness Name |
CWE-287 |
Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Submission
Name |
Organization |
Date |
Date Release |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
Modifications
Name |
Organization |
Date |
Comment |
CAPEC Content Team |
The MITRE Corporation |
2018-07-31 +00:00 |
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Weaknesses |
CAPEC Content Team |
The MITRE Corporation |
2019-04-04 +00:00 |
Updated Related_Attack_Patterns |
CAPEC Content Team |
The MITRE Corporation |
2020-12-17 +00:00 |
Updated Related_Attack_Patterns, Taxonomy_Mappings |
CAPEC Content Team |
The MITRE Corporation |
2021-06-24 +00:00 |
Updated Related_Attack_Patterns |