CAPEC-202
Create Malicious Client
Średni
Draft
2014-06-23
00h00 +00:00
00h00 +00:00
2022-02-22
00h00 +00:00
00h00 +00:00
Alert dla konkretnego CAPEC
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CAPEC.
Opisy CAPEC
An adversary creates a client application to interface with a target service where the client violates assumptions the service makes about clients. Services that have designated client applications (as opposed to services that use general client applications, such as IMAP or POP mail servers which can interact with any IMAP or POP client) may assume that the client will follow specific procedures.
Informacje CAPEC
Wymagania wstępne
The targeted service must make assumptions about the behavior of the client application that interacts with it, which can be abused by an adversary.Wymagane zasoby
The adversary must be able to reverse engineer a client of the targeted service. However, the adversary does not need to reverse engineer all client functionality - they only need to recreate enough of the functionality to access the desired server functionality.Powiązane słabości
| Nazwa słabości | |
|---|---|
CWE-602 |
Client-Side Enforcement of Server-Side Security The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
