Conditions préalables
The targeted server must rely on the client to correctly perform monetary calculations and must fail to detect errors in these calculations.
Ressources nécessaires
The attacker must have access to the client for the targeted service (this step is trivial for most web-based services). The attacker must also be able to reverse engineer the client in order to locate and modify the client's purse logic. Reverse engineering tools would be necessary for this.
Faiblesses connexes
CWE-ID |
Nom de la faiblesse |
|
Client-Side Enforcement of Server-Side Security The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
Soumission
Nom |
Organisation |
Date |
Date de publication |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
|
Modifications
Nom |
Organisation |
Date |
Commentaire |
CAPEC Content Team |
The MITRE Corporation |
2015-12-07 +00:00 |
Updated Related_Attack_Patterns |
CAPEC Content Team |
The MITRE Corporation |
2017-08-04 +00:00 |
Updated Resources_Required |