CAPEC-216

Communication Channel Manipulation
Stable
2014-06-23
00h00 +00:00
2023-01-24
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Notifications manage

Descriptions CAPEC

An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.

Informations CAPEC

Prerequisites

The target application must leverage an open communications channel.
The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).

Resources Required

A tool that is capable of viewing network traffic and generating custom inputs to be used in the attack.

Mitigations

Encrypt all sensitive communications using properly-configured cryptography.
Design the communication system such that it associates proper authentication/authorization with each channel/message.

Related Weaknesses

CWE-ID Weakness Name

CWE-306

 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Submission

Name Organization Date Date release
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2015-12-07 +00:00 Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2017-05-01 +00:00 Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_Mitigations
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Prerequisites
CAPEC Content Team The MITRE Corporation 2023-01-24 +00:00 Updated Related_Attack_Patterns, Related_Weaknesses