CAPEC-192
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Descriptions du CAPEC
An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.
Informations du CAPEC
Conditions préalables
Access to a binary executable.The ability to observe and interact with a communication channel between communicating processes.
Compétences requises
Knowlegde of the Open Systems Interconnection model (OSI model), and famililarity with Wireshark or some other packet analyzer.Ressources nécessaires
Depending on the type of analysis, a variety of tools might be required, such as static code and/or dynamic analysis tools. Alternatively, the effort might require debugging programs such as ollydbg, SoftICE, or disassemblers like IDA Pro. In some instances, packet sniffing or packet analyzing programs such as TCP dump or Wireshark are necessary. Lastly, specific protocol analysis might require tools such as PDB (Protocol Debug), or packet injection tools like pcap or Nemesis.Faiblesses connexes
| Nom de la faiblesse | |
|---|---|
CWE-326 |
Inadequate Encryption Strength The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. |
Références
REF-57
Wikipediahttp://en.wikipedia.org/wiki/Proprietary_protocol
REF-50
Wikipediahttp://en.wikipedia.org/wiki/Reverse_engineering
Soumission
| Nom | Organisation | Date | Date de publication |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Activation_Zone, Attacker_Skills_or_Knowledge_Required, Description Summary, Injection_Vector, Other_Notes, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Typical_Likelihood_of_Exploit | |
| CAPEC Content Team | The MITRE Corporation | Updated Attacker_Skills_or_Knowledge_Required, Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.