CAPEC-216

Communication Channel Manipulation
Stable
2014-06-23
00h00 +00:00
2023-01-24
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.

Informations du CAPEC

Conditions préalables

The target application must leverage an open communications channel.
The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).

Ressources nécessaires

A tool that is capable of viewing network traffic and generating custom inputs to be used in the attack.

Atténuations

Encrypt all sensitive communications using properly-configured cryptography.
Design the communication system such that it associates proper authentication/authorization with each channel/message.

Faiblesses connexes

CWE-ID Nom de la faiblesse

CWE-306

 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2015-12-07 +00:00 Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2017-05-01 +00:00 Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_Mitigations
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Prerequisites
CAPEC Content Team The MITRE Corporation 2023-01-24 +00:00 Updated Related_Attack_Patterns, Related_Weaknesses