CAPEC-74 Detail

CAPEC-74

Name

Manipulating State

Likihood attacks

Medium

Typical Severity

High

Status

Stable

Published

2014-06-23
00h00 +00:00

Modified

2021-06-24
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

The adversary modifies state information maintained by the target software or causes a state transition in hardware. If successful, the target will use this tainted state and execute in an unintended manner.

State management is an important function within a software application. User state maintained by the application can include usernames, payment information, browsing history as well as application-specific contents such as items in a shopping cart. Manipulating user state can be employed by an adversary to elevate privilege, conduct fraudulent transactions or otherwise modify the flow of the application to derive certain benefits.

If there is a hardware logic error in a finite state machine, the adversary can use this to put the system in an undefined state which could cause a denial of service or exposure of secure data.

Informations CAPEC

Execution Flow

1) Explore

Adversary determines the nature of state management employed by the target. This includes determining the location (client-side, server-side or both applications) and possibly the items stored as part of user state.

2) Experiment

The adversary now tries to modify the user state contents (possibly indiscriminately if the contents are encrypted or otherwise obfuscated) or cause a state transition and observe the effects of this change on the target.

3) Exploit

Having determined how to manipulate the state, the adversary can perform illegitimate actions.

Prerequisites

User state is maintained at least in some way in user-controllable locations, such as cookies or URL parameters.
There is a faulty finite state machine in the hardware logic that can be exploited.

Skills Required

The adversary needs to have knowledge of state management as employed by the target application, and also the ability to manipulate the state in a meaningful way.

Resources Required

The adversary needs a data tampering tool capable of generating and creating custom inputs to aid in the attack, like Fiddler, Wireshark, or a similar in-browser plugin (e.g., Tamper Data for Firefox).

Mitigations

Do not rely solely on user-controllable locations, such as cookies or URL parameters, to maintain user state.
Avoid sensitive information, such as usernames or authentication and authorization information, in user-controllable locations.
Sensitive information that is part of the user state must be appropriately protected to ensure confidentiality and integrity at each request.
All possible states must be handled by hardware finite state machines.

Related Weaknesses

CWE-ID	Weakness Name
CWE-372	Incomplete Internal State Distinction The product does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.
CWE-315	Cleartext Storage of Sensitive Information in a Cookie The product stores sensitive information in cleartext in a cookie.
CWE-353	Missing Support for Integrity Check The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
CWE-693	Protection Mechanism Failure The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
CWE-1245	Improper Finite State Machines (FSMs) in Hardware Logic Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim's system.
CWE-1253	Incorrect Selection of Fuse Values The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.
CWE-1265	Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls During execution of non-reentrant code, the product performs a call that unintentionally produces a nested invocation of the non-reentrant code.
CWE-1271	Uninitialized Value on Reset for Registers Holding Security Settings Security-critical logic is not set to a known value on reset.

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2017-01-09 +00:00	Updated Description Summary, Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2017-05-01 +00:00	Updated Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Probing_Techniques, Resources_Required, Solutions_and_Mitigations
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated @Name, Consequences, Description, Execution_Flow, Mitigations, Prerequisites, Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2021-06-24 +00:00	Updated Execution_Flow, Related_Weaknesses