CAPEC-220
Client-Server Protocol Manipulation
Medio
Draft
2014-06-23
00h00 +00:00
00h00 +00:00
2022-02-22
00h00 +00:00
00h00 +00:00
Alerta para un CAPEC
Manténgase informado sobre cualquier cambio en un CAPEC específico.
Descripciones CAPEC
An adversary takes advantage of weaknesses in the protocol by which a client and server are communicating to perform unexpected actions. Communication protocols are necessary to transfer messages between client and server applications. Moreover, different protocols may be used for different types of interactions.
Informaciones CAPEC
Prerrequisitos
The client and/or server must utilize a protocol that has a weakness allowing manipulation of the interaction.Recursos requeridos
The adversary must be able to identify the weakness in the utilized protocol and exploit it. This may require a sniffing tool as well as packet creation abilities. The adversary will be aided if they can force the client and/or server to utilize a specific protocol known to contain exploitable weaknesses.Debilidades relacionadas
| Nombre de la debilidad | |
|---|---|
CWE-757 |
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. |
Envío
| Nombre | Organización | Fecha | Fecha de lanzamiento |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modificaciones
| Nombre | Organización | Fecha | Comentario |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
