CAPEC-216
Communication Channel Manipulation
Stable
2014-06-23
00h00 +00:00
00h00 +00:00
2023-01-24
00h00 +00:00
00h00 +00:00
Alert dla konkretnego CAPEC
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CAPEC.
Opisy CAPEC
An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.
Informacje CAPEC
Wymagania wstępne
The target application must leverage an open communications channel.The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).
Wymagane zasoby
A tool that is capable of viewing network traffic and generating custom inputs to be used in the attack.Łagodzenie
Encrypt all sensitive communications using properly-configured cryptography.Design the communication system such that it associates proper authentication/authorization with each channel/message.
Powiązane słabości
| Nazwa słabości | |
|---|---|
CWE-306 |
Missing Authentication for Critical Function The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_Mitigations | |
| CAPEC Content Team | The MITRE Corporation | Updated Prerequisites | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns, Related_Weaknesses |
