Dettaglio CAPEC-94

CAPEC-94

Adversary in the Middle (AiTM)
Alto
Stable
2014-06-23
00h00 +00:00
2022-09-29
00h00 +00:00
CAPEC Mitre.org
Avviso per un CAPEC specifico
Rimani informato su qualsiasi modifica relativa a un CAPEC specifico.
Gestione notifiche

Informazioni CAPEC

Flusso di esecuzione

1) Explore

[Determine Communication Mechanism] The adversary determines the nature and mechanism of communication between two components, looking for opportunities to exploit.

Tecnica
  • Perform a sniffing attack and observe communication to determine a communication protocol.
  • Look for application documentation that might describe a communication mechanism used by a target.
2) Experiment

[Position In Between Targets] The adversary inserts themself into the communication channel initially acting as a routing proxy between the two targeted components.

Tecnica
  • Install spyware on a client that will intercept outgoing packets and route them to their destination as well as route incoming packets back to the client.
  • Exploit a weakness in an encrypted communication mechanism to gain access to traffic. Look for outdated mechanisms such as SSL.
3) Exploit

[Use Intercepted Data Maliciously] The adversary observes, filters, or alters passed data of its choosing to gain access to sensitive information or to manipulate the actions of the two target components for their own purposes.

Tecnica
  • Prevent some messages from reaching their destination, causing a denial of service.

Prerequisiti

There are two components communicating with each other.
An attacker is able to identify the nature and mechanism of communication between the two target components.
An attacker can eavesdrop on the communication between the target components.
Strong mutual authentication is not used between the two target components yielding opportunity for attacker interposition.
The communication occurs in clear (not encrypted) or with insufficient and spoofable encryption.

Competenze richieste

This attack can get sophisticated since the attack may use cryptography.

Mitigazioni

Ensure Public Keys are signed by a Certificate Authority
Encrypt communications using cryptography (e.g., SSL/TLS)
Use Strong mutual authentication to always fully authenticate both ends of any communications channel.
Exchange public keys using a secure channel

Vulnerabilità correlate

CWE-ID Nome della vulnerabilità

CWE-300

 Channel Accessible by Non-Endpoint
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

CWE-290

 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

CWE-593

 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
The product modifies the SSL context after connection creation has begun.

CWE-287

 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-294

 Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Riferimenti

REF-553

Computer Security: Art and Science
M. Bishop.

REF-633

Man-in-the-middle attack
https://owasp.org/www-community/attacks/Man-in-the-middle_attack

REF-634

What is a man-in-the-middle attack?
Kyle Chivers.
https://us.norton.com/internetsecurity-wifi-what-is-a-man-in-the-middle-attack.html

REF-635

Man in the middle (MITM) attack
https://www.imperva.com/learn/application-security/man-in-the-middle-attack-mitm/

REF-636

Settling the score: taking down the Equifax mobile application
Jerry Decime.
https://www.linkedin.com/pulse/settling-score-taking-down-equifax-mobile-application-jerry-decime/

Invio

Nome Organizzazione Data Data di rilascio
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifiche

Nome Organizzazione Data Commento
CAPEC Content Team The MITRE Corporation 2017-08-04 +00:00 Updated Examples-Instances, Related_Vulnerabilities
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated References
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Example_Instances, Related_Attack_Patterns, Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2019-09-30 +00:00 Updated @Abstraction, Description, Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Description, Example_Instances, Execution_Flow, Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Related_Attack_Patterns, Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated @Name, @Status, Alternate_Terms, Description, Example_Instances, Execution_Flow, Mitigations, References, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Description, Execution_Flow, Extended_Description
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Taxonomy_Mappings
Le informazioni presentate su CVE Find provengono da diverse fonti di riferimento attentamente selezionate. I dati CVE sono forniti da MITRE Corporation e dal National Vulnerability Database (NVD). Il catalogo delle vulnerabilità sfruttate conosciute (KEV) proviene dalla Cybersecurity and Infrastructure Security Agency (CISA), mentre i punteggi EPSS provengono da FIRST.org. Inoltre, i dati relativi alle vulnerabilità software (CWE) e ai pattern di attacco comuni (CAPEC) sono mantenuti da MITRE Corporation, e le informazioni sulle configurazioni hardware e software (CPE) sono fornite da NVD.